Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar, Abdul Ghafar; Ismail, Saiful Adli; Abdullah, Mohd Shahidan; Kama, Nazri; Azmi, Azri; Yusop, Othman Mohd

doi:10.3390/s20143820

Cited by 2 publications

(2 citation statements)

References 51 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is also because the request header is not mandatory to be given, which allowed network intruders to generate the forged headers as legitimate HTTP requests. Jaafar et al [13] also demonstrated this weaknesses by using used eight different types of attacks in which the results showed that, there are similarities and differences in the fake request headers in both internal and external networks, thus, this can make HTTP requests appear authentic when launching HTTP DDoS attacks. In fact, it was highlighted that the request header needs a major improvement in terms of security to prevent the request header from being easily manipulated by malicious attackers.…”

Section: Review Of Existing Ddos Attack On Http/2mentioning

confidence: 99%

Distributed Denial of Service Attack in HTTP/2: Review on Security Issues and Future Challenges

Ming,

Leau,

Xie

2024

IEEE Access

View full text Add to dashboard Cite

This article offers a comprehensive overview of recent literature on the HTTP/2 protocol and conducts an analysis of the security threats and DDoS attack typologies associated with HTTP/2. The investigation revealed that the introduction of new features in HTTP/2 has significantly improved the network transmission speed and utilization. However, these advancements have also brought forth a series of emerging network security risks. This study examines the current state of the art in DDoS attacks tailored for HTTP/2 and their detection methods, proposing future research directions in the field of attack detection. By analyzing the distinctive features of HTTP/2 protocol, the study suggests extending DDoS attack detection techniques established for HTTP/1 to the realm of HTTP/2. Furthermore, the research underscores the ease with which adversaries can exploit the intrinsic multiplexing in HTTP/2 to launch a large number of malicious requests, leading to severe depletion of network bandwidth and exhaustion of valuable server resources. Additionally, it highlights the potential applicability of deep learning algorithms in the context of the HTTP/2 protocol. Additionally, the article proposes strategies to address challenges associated with DDoS attacks and the scarcity of adequate datasets for HTTP/2. This research contributes to a comprehensive understanding of the security implications surrounding the HTTP/2 protocol and provides valuable insights for advancing DDoS attack detection technologies.

show abstract

Section: Review Of Existing Ddos Attack On Http/2mentioning

confidence: 99%

Distributed Denial of Service Attack in HTTP/2: Review on Security Issues and Future Challenges

Ming,

Leau,

Xie

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The detection of DDoS attacks is very challenging [ 2 ]. DDoS attacks are kind of cyber-attack that target a specific machine or server and lead them to stop providing their services to the devices that are connected to this machine.…”

Section: Introductionmentioning

confidence: 99%

Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods

Ali

Sulaiman

Al-Haddad

et al. 2021

Sensors

View full text Add to dashboard Cite

One of the most dangerous kinds of attacks affecting computers is a distributed denial of services (DDoS) attack. The main goal of this attack is to bring the targeted machine down and make their services unavailable to legal users. This can be accomplished mainly by directing many machines to send a very large number of packets toward the specified machine to consume its resources and stop it from working. We implemented a method using Java based on entropy and sequential probabilities ratio test (ESPRT) methods to identify malicious flows and their switch interfaces that aid them in passing through. Entropy (E) is the first technique, and the sequential probabilities ratio test (SPRT) is the second technique. The entropy method alone compares its results with a certain threshold in order to make a decision. The accuracy and F-scores for entropy results thus changed when the threshold values changed. Using both entropy and SPRT removed the uncertainty associated with the entropy threshold. The false positive rate was also reduced when combining both techniques. Entropy-based detection methods divide incoming traffic into groups of traffic that have the same size. The size of these groups is determined by a parameter called window size. The Defense Advanced Research Projects Agency (DARPA) 1998, DARPA2000, and Canadian Institute for Cybersecurity (CIC-DDoS2019) databases were used to evaluate the implementation of this method. The metric of a confusion matrix was used to compare the ESPRT results with the results of other methods. The accuracy and f-scores for the DARPA 1998 dataset were 0.995 and 0.997, respectively, for the ESPRT method when the window size was set at 50 and 75 packets. The detection rate of ESPRT for the same dataset was 0.995 when the window size was set to 10 packets. The average accuracy for the DARPA 2000 dataset for ESPRT was 0.905, and the detection rate was 0.929. Finally, ESPRT was scalable to a multiple domain topology application.

show abstract

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Cited by 2 publications

References 51 publications

Distributed Denial of Service Attack in HTTP/2: Review on Security Issues and Future Challenges

Distributed Denial of Service Attack in HTTP/2: Review on Security Issues and Future Challenges

Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods

Contact Info

Product

Resources

About