
    Introducing the SlowDrop Attack

    In network security, Denial of Service (DoS) attacks target network systems with the aim of making them unreachable. Last generation threats are particularly dangerous because they can be carried out with very low resource consumption by the attacker. In this paper we propose SlowDrop, an attack characterized by a legitimate-like behavior and able to target different protocols and server systems. The proposed attack is the first slow DoS threat targeting Microsoft IIS, until now unexploited from other similar attacks. We properly describe the attack, analyzing its ability to target arbitrary systems on different scenarios, by including both wired and wireless connections, and comparing the proposed attack to similar threats. The obtained results show that by executing targeted attacks, SlowDrop is successful both against conventional servers and Microsoft IIS, which is closed source and required us the execution of so called “network level reverse engineering” activities. Due to its ability to successfully target different servers on different scenarios, the attack should be considered an important achievement in the slow DoS field

    SlowReq: A Weapon for Cyberwarfare Operations. Characteristics, Limits, Performance, Remediations

    In the last years, with the advent of the Internet, cyberwarfare operations moved from the battlefield to the cyberspace, locally or remotely executing sabotage or espionage operations in order to weaken the enemy. Among the technologies and methods used during cyberwarfare actions, Denial of Service attacks are executed to reduce the availability of a particular service on a network. In this paper we present a Denial of Service tool that belongs to the Slow DoS Attacks category. We describe in detail the attack functioning and we compare the proposed threat with a similar one known as slowloris, showing the enhancements provided by the proposed tool

    Taxonomy of Slow DoS Attacks to Web Applications

    In the last years, Denial of Service (DoS) attacks have been widely spread, becoming a more than ever relevant threat to network security. DoS attacks evolved from flood to low bandwidth rate based, making a host unreachable through the usage of a small amount of bandwidth and eluding an Intrusion Detection System more easily. In this paper, we analyze the most common slow Denial of Service attacks to web applications, proposing a taxonomy to categorize such attacks. The proposal of our work is to make an overview and to classify slow DoS attacks for a better understanding of their action strategy, thus helping developers and network administrators to design proper defense methodologies

    A similarity based approach for application DoS attacks detection

    The ability to identify anomalous traffic patterns is a central issue for network managers: primarily lots of problems could arise from network attacks, such as viruses and tunneling tools. In this paper we present a detection algorithm able to extract information analyzing features of the network traffic containing attacks. The algorithm exploits statistical methodologies for traffic categorization. To assess the practical usability of the proposed algorithms we have tested its application in a case of abuse of resources through an application DoS attack known as slowloris. We have obtained an excellent reliability both analyzing single samples of traffic (100% of anomalies detection, with 1% probability of false positives) and processing multiple samples, through an average measurement (100% of anomalies detection, with a distance between traffics of 5.29 sigma, providing an extremely low false positive error rate)

    An on-line intrusion detection approach to identify low-rate DoS attacks

    This paper addresses the problem of detection of “Slow” Denial of Service attacks. The problem is particularly challenging in virtue of the reduced amount of bandwidth generated by the attacks. A novel detection method is presented, which analyzes specific spectral features of traffic over small time horizons. No packet inspection is required. Extrapolated data refer to real traffic traces, elaborated over the Local Area Network of our Institute. Different kinds of attacks have been considered as well. The results show how the proposed method is reliable and applicable in many other contexts

    Mobile Executions of Slow DoS Attacks

    Denial of Service attacks are executed to prevent the access to an Internet service by legitimate users. Recently, such attacks evolved to the so called Slow DoS Attacks, which are able to reach their goal by using tiny amounts of network bandwidth. In this paper we focus on such category of threats: we design an innovative menace, SlowDroid, that may affect multiple protocols requiring minimal resources to the attacker. In virtue of this, the attack can even be executed from a mobile device. We compare the attack with similar already existing menaces, measuring the results obtained based on new metrics we introduce, proving that the proposed threat represents a serious menace.

    Denial of Service attacks are executed to prevent the access to an Internet service by legitimate users. Recently, such attacks evolved to the so called Slow DoS attacks, which are able to reach their goal by using tiny amounts of network bandwidth. In this article we focus on such category of threats: we design an innovative offensive tool, SlowDroid, that may affect multiple protocols requiring minimal resources to the attacker. In virtue of this, the attack can even be executed from a mobile device. We compare the attack with similar already existing tools, measuring the results obtained based on new metrics we introduce, proving that the proposed threat represents a serious menace

    Slow DoS attacks: definition and categorization

    Denial of Service (DoS) attacks evolved and consolidated as severe security threats to network servers, not only for Internet Service Providers but also for governments. Earlier DoS attacks involved high-bandwidth flood-based approaches exploiting vulnerabilities of networking and transport protocol layers. Subsequently, Distributed DoS attacks have been introduced amplifying not only the overall attack bandwidth but also the attack source, thus eluding simple countermeasures based on source filtering. Current low bit-rate approaches, instead, exploit vulnerabilities of application layer protocols to accomplish DoS or DDoS attacks. Slow DoS Attacks like, e.g., slowloris are particularly dangerous because they can bring down a well equipped server using small attacker’s bandwidth, hence they can effectively run on low performance hosts, such as routers, game consoles, or mobile phones. In this paper, we study Slow DoS Attacks, analyzing in detail the current threats and presenting a proper definition and categorization for such attacks. Hopefully, our work will provide a useful framework for the study of this field, for the analysis of network vulnerabilities, and for the proposal of innovative Intrusion Detection methodologies

    Mobile Botnets Development: Issues and Solutions

    Due to their limited capabilities, mobile devices have rarely been adopted as attack vectors. In this paper, we consider the execution of coordinated and distributed attacks perpetrated by mobile devices (mobile botnet). We first describe current botnets architectures, analyzing their strengths and weaknesses. Then, we identify problems deriving from the development of a mobile botnet. Appropriate solutions to such problems have been proposed, thus providing an important resource during design and development stages of a mobile botnet

    SlowDroid: Turning a Smartphone into a Mobile Attack Vector

    Nowadays, the last generation of smartphones is comparable to desktop computers in terms of computational capabilities. Such characteristics can turn a smartphone into a mobile attack vector. In this paper we analyze the use of mobile devices to perpetrate cyber attacks. We present a mobile threat, SlowDroid, running on Android operating system. Such menace implements a Denial of Service attack and it is particularly suitable to a mobile execution, since it makes use of low amounts of computational and bandwidth resources. We present in detail SlowDroid implementation and our choices in terms of design, graphical user interface, and system architecture

    DoS Attacks in Available MQTT Implementations

    The Internet of Things is a widely adopted and pervasive technology, but also one of the most conveniently attacked given the volume of shared data and the availability of affordable but insecure products. This paper investigates two classes of denial of service (DoS) attacks that target the handling of message queues in MQTT, one of the most broadly used IoT protocols. The first attack attempts to saturate the MQTT broker resources, while the second exploits the broker to perform an amplification attack against the connected clients. We demonstrate the effectiveness of the attacks and indicate the parameters that would hinder the capabilities of a DoS attacker in three open-source MQTT implementations: Mosquitto, VerneMQ and EMQ X. To improve the security awareness in MQTT-based deployments, we integrate the attacks and mitigations in MQTTSA, a tool that detects MQTT misconfigurations and provides security-oriented recommendations and configuration snippets