Abstract
In the last years the Internet has become a primary tool for information dissemination, spreading itself on the entire world and becoming a necessary communication system. More recently, thanks to the advent of the Internet of Things paradigm, a wide range of objects (such as washing machines, thermostats, fridges) is able to communicate on the Internet. As a consequence of this large adoption, due to economic motivations, the Internet is often targeted by cyber-criminals. In this paper, we present a novel attack called Slow Next, targeting Internet services (IoT, cloud, mobile hosted, etc.). We analyze that the proposed menace is able to lead a Denial of Service on different categories of network protocols using a low amount of network bandwidth. Moreover, since connections behavior is legitimate, Slow Next is able to elude detection systems. The attack represents therefore a potential menace on the cybersecurity field.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Actually, before authenticating, some initial “unauthenticated” messages may be enchanged between client and server.
References
Chen, D., Chang, G., Sun, D., Jia, J., Wang, X.: Lightweight key management scheme to enhance the security of internet of things. Int. J. Wirel. Mob. Comput. 5(2), 191–198 (2012)
Gu, Q., Liu, P.: Denial of service attacks, Department of Computer Science Texas State UniversitySan Marcos School of Information Sciences and Technology Pennsylvania State University Denial of Service Attacks Outline, pp. 1–28 (2007)
Kumar, S., Singh, M., Sachdeva, M., Kumar, K.: Flooding based DDoS attacks and their influence on web services. (IJCSIT) Int. J. Comput. Sci. Inf. Technol. 2(3), 1131–1136 (2011)
Cambiaso, E., Papaleo, G., Chiola, G., Aiello, M.: Slow DoS attacks: definition and categorisation. Int. J. Trust Manag. Comput. Commun.—In press article (2013)
Aiello, M., Cambiaso, E., Scaglione, S., Papaleo, G.: A similarity based approach for application DoS attacks detection. In: The Eighteenth IEEE Symposium on Computers and Communications (2013)
Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: RFC 2616, Hypertext transfer protocol—HTTP/1.1. http://www.rfc.net/rfc2616.html
Giralte, L.C., Conde, C., de Diego, I.M., Cabello, E.: Detecting denial of service by modelling web-server behaviour. Comput. & Electr. Eng. (2012)
Aiello, M., Papaleo, G., Cambiaso, E.: SlowReq: a weapon for cyberwarfare operations. Characteristics, limits, performance, remediations. In: International Joint Conference SOCO’13-CISIS’13-ICEUTE’13, pp. 537–546 (2013)
Siriwardena, P.: Security by design. In: Advanced API Security, pp. 11–31. Springer (2014)
Jain, A., Chhabra, G.S.: Anti-forensics techniques: an analytical review. In: 2014 Seventh International Conference on Contemporary Computing (IC3), pp. 412–418 (2014)
Cambiaso, M.A.E., Papaleo, G.: Taxonomy of slow dos attacks to web applications. In: Recent Trends in Computer Networks and Distributed Systems Security, pp. 195–204. Springer, Heidelberg (2012)
Park, J., Iwai, K., Tanaka, H., Kurokawa, T.: Analysis of slow read DoS attack.In: 2014 International Symposium on Information Theory and its Applications (ISITA), pp. 60–64 (2014)
Corchado, E., Herrero: Neural visualization of network traffic data for intrusion detection. Appl. Soft Comput. 11(2), 2042–2056 (2011)
Herrero, Navarro, M., Corchado, E., Julin, V.: RT-MOVICAB-IDS: addressing real-time intrusion detection. Future Gener. Comput. Syst. 29(1), 250–261 (2013)
Kozik, R., Chora, M., Renk, R., Houbowicz, W.: Modelling HTTP requests with regular expressions for detection of cyber attacks targeted at web applications. In: International Joint Conference SOCO14-CISIS14-ICEUTE14, pp. 527–535 (2014)
Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: a review. Appl. Soft Comput. 10(1), 1–35 (2010)
Aiello, M., Cambiaso, E., Mongelli, M., Papaleo, G.: An on-line intrusion detection approach to identify low-rate DoS attacks. In: 2014 International Carnahan Conference on Security Technology (ICCST), pp. 1–6 (2014)
Klensin, J.: RFC 2821: simple mail transfer protocol. http://tools.ietf.org/rfc/rfc2821
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Cambiaso, E., Papaleo, G., Chiola, G., Aiello, M. (2015). Designing and Modeling the Slow Next DoS Attack. In: Herrero, Á., Baruque, B., Sedano, J., Quintián, H., Corchado, E. (eds) International Joint Conference. CISIS 2015. Advances in Intelligent Systems and Computing, vol 369. Springer, Cham. https://doi.org/10.1007/978-3-319-19713-5_22
Download citation
DOI: https://doi.org/10.1007/978-3-319-19713-5_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19712-8
Online ISBN: 978-3-319-19713-5
eBook Packages: EngineeringEngineering (R0)