An Investigation of the Impact of the Slow HTTP DOS and DDOS attacks on the Cloud environment

Helalat, Seyed Milad

January 2017

Cloud computing has brought many benefits to the IT industry, and could reduce the cost and facilitate the growth of businesses specially the startup companies which don’t have enough financial resources to build their own IT infrastructure. One of the main reason that companies hesitate to use cloud services is the security issues that the cloud computing technology has. This thesis at the beginning has an overview on the cloud computing concept and then reviews the cloud security vulnerabilities according to the cloud security alliance, then it describes the cloud denial of service and will focus on analyzing the Slow HTTP DOS attack and then will analyze the direct and indirect impact of these attacks on virtual machines. We decided to analyze the HTTP slow rate attacks because of the craftiness and covered characteristic also the catastrophic impact of the Slow HTTP attack whether it’s lunched on the cloud component or lunched from the cloud. There are some researches on the different way that a web server or web service can be protected against slow HTTP attacks, but there is a research gap about the impact of the attack on virtual environment or whether this attack has cross VM impact or not. This thesis investigates the impact of Slow HTTP attack on virtualization environment and will analyze the direct and indirect impact of these attack. For analyzing the Slow HTTP attacks, Slow headers, Slow body and Slow read are implemented using Slowhttptest and OWASP Switchblade software, and Wireshark is used to capture the traffic. For analyzing the impact of the attack, attacks are lunched on VirtualBox and the impact of the attack on the victim VM and neighbor VM is measured.

Slow HTTP DOS

Cloud computing Vulnerabilities

DOS on cloud

DOS on Virtual machines

Telecommunications

Telekommunikation

Modelování a detekce útoku SlowDrop / Modeling and detection of SlowDrop attack

Mazánek, Pavel

January 2020

The work's main topic is a recently published slow DoS attack called SlowDrop. The work focuses on the subject of describing the current state of the DoS problem as a whole and the SlowDrop attack as well. It works with this theoretical basis during the implementation of it's own SlowDrop attack model. This model is tested in various scenarios and the outcome results are analyzed and constructively discussed. Furthermore defensive mechanisms against this threat and DoS attacks in general are proposed, specific methods shown and configurations recommended. These methods are followingly tested and evaluated. Last but not least the traffic of a SlowDrop attacker and a legitimate client with bad connection, which the SlowDrop attack is trying to immitate, are compared. From this comparison final conclusions of this work are drawn.

Performance comparison between Apache and NGINX under slow rate DoS attacks

Al-Saydali, Josef, Al-Saydali, Mahdi

January 2021

One of the novel threats to the internet is the slow HTTP Denial of Service (DoS) attack on the application level targeting web server software. The slow HTTP attack can leave a high impact on web server availability to normal users, and it is affordable to be established compared to other types of attacks, which makes it one of the most feasible attacks against web servers. This project investigates the slow HTTP attack impact on the Apache and Nginx servers comparably, and review the available configurations for mitigating such attack. The performance of the Apache and NGINX servers against slow HTTP attack has been compared, as these two servers are the most globally used web server software. Identifying the most resilient web server software against this attack and knowing the suitable configurations to defeat it play a key role in securing web servers from one of the major threats on the internet. From comparing the results of the experiments that have been conducted on the two web servers, it has been found that NGINX performs better than the Apache server under slow rate DoS attack without using any configured defense mechanism. However, when defense mechanisms have been applied to both servers, the Apache server acted similarly to NGINX and was successful to defeat the slow rate DoS attack.

Apache

NGINX

slow HTTP

low rate HTTP

RUDY

slow rate DoS

Slowloris

Computer Sciences

Datavetenskap (datalogi)