Title: Analysis of Slow Read DoS Attack and Countermeasures

Year of Publication: Nov - 2014
Page Numbers: 37-49
Authors: Junhan Park, Keisuke Iwai, Hidema Tanaka, Takakazu Kurokawa
Conference Name: The International Conference on Cyber-Crime Investigation and Cyber Security (ICCICS2014) - Malaysia


The ideas and techniques behind DoS/DDoS attack strategies are becoming more effective and more complex. In our research, we focus on the Slow Read DoS Attack, one of the more sophisticated DoS attack techniques. In this technique, the attacker sends a legitimate HTTP request but prolongs the time taken to read the response from the Web server. By sending many such legitimate requests, an attacker can keep many connections to the Web server open and eventually cause a DoS condition. In this paper, we analyze the effectiveness of the Slow Read DoS Attack in a virtual environment. We found that a Slow Read DoS Attack by a single attacker can be prevented by adequate security settings on the Web server and by applying a countermeasure such as ModSecurity. However, our analysis of the technique also shows that these countermeasures are not effective against the distributed Slow Read DoS Attack (Slow Read DDoS Attack) proposed in this paper.