|
|
Detection of modern Slow DoS attacks
Jurek, Michael ; Jonák, Martin (oponent) ; Sikora, Marek (vedoucí práce)
With the evolving number of interconnected devices, the number of attacks arises. Malicious actors can take advantage of such devices to create (D)DoS attacks against victims. These attack are being more and more sophisticated. New category of DoS attacks was discovered that tries to mimic standard user behavior -- Slow DoS Attacks. Malicious actor leverages transport protocol behavior to the highest option by randomly dropping packets, not sending or delaying messages, or on the other hand crafting special payloads causing DoS state of application server. This thesis proposes parameters of network flow that should help to identify chosen Slow DoS Attack. These parameters are divided into different categories describing single packets or whole flow. Selected Slow DoS Attack are Slow Read, Slow Drop and Slow Next. For each attack communication process is described on the transport and application layer level. Then important parameters describing given Slow DoS Attack are discussed. Last section sums up methods and tools of generation of these attacks. Next part deals with possibilities and tools to create such an attack, discuss basic communication concepts of creating parallel connections (multithreading, multiprocessing) and proposes own Slow DoS Attack generator with endless options of custom defined attacks. Next part describes testing environment for the attack generator and tools and scenarios of data capture with the goal of dataset creation. That dataset is used for subsequent detection using machine learning methods of supervised learning. Decision trees and random forest are used to detect important features of selected Slow DoS Attacks.
|
|
|
Slow DoS attacks generator
Krivulčík, Andrej ; Zeman, Václav (oponent) ; Sikora, Marek (vedoucí práce)
The work is focused on Slow DoS attacks and generating them. There are compared 3 most popular web servers and their defensive modules against this type of attacks. Closed are described network model TCP/IP, protocol HTTP (Hypertext Transfer Protocol), each DoS attack, Slow GET, Slow POST or Slow Read and also flood attacks. Afterwards the attack generator is described, with its functionality.
|
|
|
Detection of modern Slow DoS attacks
Jurek, Michael ; Jonák, Martin (oponent) ; Sikora, Marek (vedoucí práce)
With the evolving number of interconnected devices, the number of attacks arises. Malicious actors can take advantage of such devices to create (D)DoS attacks against victims. These attack are being more and more sophisticated. New category of DoS attacks was discovered that tries to mimic standard user behavior -- Slow DoS Attacks. Malicious actor leverages transport protocol behavior to the highest option by randomly dropping packets, not sending or delaying messages, or on the other hand crafting special payloads causing DoS state of application server. This thesis proposes parameters of network flow that should help to identify chosen Slow DoS Attack. These parameters are divided into different categories describing single packets or whole flow. Selected Slow DoS Attack are Slow Read, Slow Drop and Slow Next. For each attack communication process is described on the transport and application layer level. Then important parameters describing given Slow DoS Attack are discussed. Last section sums up methods and tools of generation of these attacks. Next part deals with possibilities and tools to create such an attack, discuss basic communication concepts of creating parallel connections (multithreading, multiprocessing) and proposes own Slow DoS Attack generator with endless options of custom defined attacks. Next part describes testing environment for the attack generator and tools and scenarios of data capture with the goal of dataset creation. That dataset is used for subsequent detection using machine learning methods of supervised learning. Decision trees and random forest are used to detect important features of selected Slow DoS Attacks.
|
|
|
Slow DoS attacks generator
Krivulčík, Andrej ; Zeman, Václav (oponent) ; Sikora, Marek (vedoucí práce)
The work is focused on Slow DoS attacks and generating them. There are compared 3 most popular web servers and their defensive modules against this type of attacks. Closed are described network model TCP/IP, protocol HTTP (Hypertext Transfer Protocol), each DoS attack, Slow GET, Slow POST or Slow Read and also flood attacks. Afterwards the attack generator is described, with its functionality.
|
host ::
RSS.