Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges

Singh, Kamaldeep; Singh, Paramvir; Kumar, Krishan

doi:10.1016/j.cose.2016.10.005

Cited by 86 publications

(51 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Flooding attacks Differently from the other category of DoS attacks, in this case the attacker does not exploit any vulnerability at application level but seek to exhaust the target resources by producing an overwhelming quantity of requests [93]. Some examples of these attacks that can affect the Cloud are: -HTTP flooding attack : in this type of DoS attack, the adversary's goal is to generate large amounts of HTTP GET (or HTTP POST) requests that will eventually fill-up the victim's request queues [118,23,93].…”

Section: Confidentiality Issuesmentioning

confidence: 99%

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

et al. 2019

View full text Add to dashboard Cite

The Internet of Things (IoT) is rapidly changing our society to a world where every "thing" is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of Cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

show abstract

Section: Confidentiality Issuesmentioning

confidence: 99%

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

et al. 2019

View full text Add to dashboard Cite

show abstract

“…The aim of such attacks is to cease the services and resources and make them unavailable to the legitimate users. The challenges, launching strategies, and defense approaches for the high‐rate DDoS attacks are provided in previous studies . These attacks can be easily detected as it involves a high volume of attack traffic.…”

Section: Introductionmentioning

confidence: 99%

“…The challenges, launching strategies, and defense approaches for the high-rate DDoS attacks are provided in previous studies. [8][9][10] These attacks can be easily detected as it involves a high volume of attack traffic. Thus, the attackers are moving towards the sophisticated or intelligent DDoS attacks launching strategies, which are stealth and difficult to detect.…”

mentioning

confidence: 99%

A proactive defense method for the stealthy EDoS attacks in a cloud environment

Agrawal

Tapaswi

2020

Int J Network Mgmt

View full text Add to dashboard Cite

Summary Cloud computing technology provides flexibility to Cloud Service Provider (CSP) for providing the cloud resources based on the users' requirements. In on‐demand pricing model, the attackers exploit this feature and cause unwanted scaling‐up of the cloud resources without any intent to pay for them. The associated cost for the unpaid malicious usage burdens the CSP, and over a long period, economic losses occur at the CSP end. Thus, the resources and services offered by the CSP become unsustainable, and the attack is termed as Economic Denial‐of‐Sustainability (EDoS) attack. The existing defense approaches for EDoS attacks are reactive. Thus, the associated attack detection/mitigation cost is high; consequently, the approaches are not suitable for the Small and Medium Enterprises (SMEs). The aim of this paper is to detect and mitigate, internal and external, stealthy EDoS attacks proactively. The attack is detected using average CPU utilization threshold and utility function (in terms of cost for the utilized cloud computing resources) and mitigated using virtual firewalls. Amazon Elastic Compute Cloud (Amazon EC2) is used to evaluate the performance of the proposed approach. The proposed approach accurately detects the EDoS attack and mitigates its effect as well with reduced cost. It is observed that the approach provides competitive response time, victim service downtime, and attack reporting time. Thus, the overall performance is improved.

show abstract

“…Otro aporte [10] hace una evaluación de la situación actual de los sitios web chinos utilizando plataformas reales de revelación de vulnerabilidades. Otro trabajo [11], realizó enfoque sistemático para establecer una base de datos sustancial y completa de la literatura de última generación centrada en la detección de ataques. Finalmente, en la artículo [12] se lleva a cabo una revisión sistemática de la literatura sobre vulnerabilidades y ataques XSS hechas en trabajos afines.…”

Section: Introductionunclassified

Técnicas de programación segura para mitigar vulnerabilidades en aplicaciones web

Monar

Ramírez

Medina

et al. 2018

CCTESPE

View full text Add to dashboard Cite

Palabras Claves-Vulnerabilidades, OWASP, ataques web, PHP, programación segura, seguridad web.Abstract-Currently, most web applications contain security vulnerabilities. Probably, it is due to lack of culture of the developers or the absence of specific coding techniques. We analyzed certain works related, but we consider that they do not define detailed programming techniques, nor do they focus on a specific programming language. This work proposes a set of secure programming techniques to reduce vulnerabilities in web applications using the PHP. For this, ten vulnerabilities were determined using the OWASP TOP-10 recommendations. Then, the seven techniques are presented and their respective way of implementing them. The techniques are validated; the vulnerabilities of a web application are measured in two scenarios; with and without the implementation of the proposed techniques. The results show that the use of the proposed techniques is significantly related to the number of vulnerabilities found and therefore improves the level of security of web applications.

show abstract

Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges

Cited by 86 publications

References 12 publications

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

A proactive defense method for the stealthy EDoS attacks in a cloud environment

Técnicas de programación segura para mitigar vulnerabilidades en aplicaciones web

Contact Info

Product

Resources

About