Title: Slow DoS attacks: definition and categorisation

Authors: Enrico Cambiaso; Gianluca Papaleo; Giovanni Chiola; Maurizio Aiello

Addresses: Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Congresso Nazionale delle Ricerche, via De Marini, 6, 16149 – Genoa, Italy; Dipartimento di Informatica, Bioingegneria, Robotica e Ingegneria dei Sistemi, Università degli Studi di Genova, via Dodecaneso, 35, 16146 – Genoa, Italy ' Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Congresso Nazionale delle Ricerche, via De Marini, 6, 16149 – Genoa, Italy ' Dipartimento di Informatica, Bioingegneria, Robotica e Ingegneria dei Sistemi, Università degli Studi di Genova, via Dodecaneso, 35, 16146 – Genoa, Italy ' Istituto di Elettronica e di Ingegneria dell'Informazione e delle Telecomunicazioni, Congresso Nazionale delle Ricerche, via De Marini, 6, 16149 – Genoa, Italy

Abstract: Denial of service (DoS) attacks evolved and consolidated as severe security threats to network servers, not only for internet service providers but also for governments. Earlier DoS attacks involved high-bandwidth flood-based approaches exploiting vulnerabilities of networking and transport protocol layers. Subsequently, distributed DoS attacks have been introduced amplifying not only the overall attack bandwidth but also the attack source, thus eluding simple counter measures based on source filtering. Current low bit-rate approaches, instead, exploit vulnerabilities of application layer protocols to accomplish DoS or DDoS attacks. Slow DoS attacks like, e.g., slowloris are particularly dangerous because they can bring down a well equipped server using small attacker's bandwidth, hence they can effectively run on low performance hosts, such as routers, game consoles, or mobile phones. In this paper, we study slow DoS attacks, analysing in detail the current threats and presenting a proper definition and categorisation for such attacks. Hopefully, our work will provide a useful framework for the study of this field, for the analysis of network vulnerabilities, and for the proposal of innovative intrusion detection methodologies.

Keywords: network servers; network security; denial of service; flooding; low bit rate; slow DoS attacks; SDAs; categorisation; taxonomy; application layer protocols; network vulnerabilities; intrusion detection.

DOI: 10.1504/IJTMCC.2013.056440

International Journal of Trust Management in Computing and Communications, 2013 Vol.1 No.3/4, pp.300 - 319

Received: 02 Feb 2013
Accepted: 29 Apr 2013

Published online: 16 Sep 2013 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article