Title: Analysis of Slow Read DoS Attack and Countermeasures on Web servers

Issue Number: Vol. 4, No. 2
Year of Publication: Jan - 2015
Page Numbers: 339-353
Authors: Junhan Park , Keisuke Iwai, Hidema Tanaka and Takakazu Kurokawa
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P001550


The ideas and techniques of DoS (Denial of Service) and DDoS (Distributed DoS) Attack strategies become more effective and more complex. In this paper, we focus on a Slow Read DoS Attack which is one of the sophisticated DoS attack techniques. This technique prolongs time to read the response from the Web server, although an attacker sends a legitimate HTTP request. When an attacker sends many such legitimate requests, he can keep many open connections to Web server and eventually cause DoS situation. In this paper, we analyze the effectiveness of Slow Read DoS Attack using the virtual network environment. As the result, we can find that Slow Read DoS Attack by a single attacker can be prevented by adequate security settings of Web server and applying countermeasure such as ModSecurity. However, from the analysis of Slow Read DoS Attack technique, we can also find that these countermeasures are not effective against distributed Slow Read DoS Attack (Slow Read Distributed DoS Attack) which is proposed in this paper.