Low-rate denial-of-service attacks against HTTP/2 services
Version 2 2024-06-05, 02:45
Version 1 2020-06-10, 16:17
conference contribution
posted on 2024-06-05, 02:45 authored by E Adi, Zubair BaigZubair Baig, CP Lam, P HingstonHTTP/2 is the second major version of the HTTP protocol approved by the Internet Engineering Steering Group (IESG). Although the semantics of how messages are exchanged between clients and servers remains the same, the protocol demands more computing power than its predecessor, HTTP/1.1. Hence HTTP/2 is more vulnerable to Denial-of-Service (DoS) attacks. A variant of the DoS type of attack is to send low-rate traffic that contains resource-hungry instructions, to a victim node. This low-rate DoS attacks can succeed only if the victim hosts an application that consumes large-scale computing resources once activated. With the introduction of HTTP/2, we showed that the attack can be launched at the protocol level by sending low-rate HTTP/2 packets to a web server. To the best of our knowledge, no study has been done on how DoS attacks can be launched against HTTP/2 services. Results obtained prove the effect of a low-rate DoS attack against HTTP/2 services.
History
Pagination
1-5Location
Kuala Lumpur, MalaysiaStart date
2015-08-24End date
2015-08-27ISBN-13
9781467365376Language
engPublication classification
E1.1 Full written paper - refereedEditor/Contributor(s)
[Unknown]Title of proceedings
ICITCS 2015 : Proceedings of the 2015 5th International Conference on IT Convergence and SecurityEvent
IT Convergence and Security. Conference (5th : 2015 : Kuala Lumpur, Malaysia)Publisher
Institute of Electrical and Electronics EngineersPlace of publication
Piscataway, N.J.Series
IT Convergence and Security ConferenceUsage metrics
Categories
No categories selectedLicence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC