Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
A study of slow denial of service mitigation tools and solutions deployed in the cloud
Linköping University, Department of Computer and Information Science.
Linköping University, Department of Computer and Information Science.
2019 (English)Independent thesis Basic level (degree of Bachelor), 10,5 credits / 16 HE creditsStudent thesis
Abstract [en]

Slow rate Denial of Service (DoS) attacks have been shown to be a very effective way of attacking vulnerable servers while using few resources. This thesis investigates the effectiveness of mitigation tools used for protection against slow DoS attacks, specifically slowheader and slow body. Finally, we propose a service that cloud providers could implement to ensure better protection against slow rate DoS attacks. The tools studied in this thesis are, a Web Application firewall, a reverse proxy using an event-based architecture and Amazon’s Elastic Load Balancing. To gather data a realistic HTTP load script was built that simulated load on the server while using probe requests to gather response time data from the server. The script recorded the impact the attacks had for each server configuration.The results show that it’s hard to protect against slow rate DoS attacks while only using firewalls or load balancers. We found that using a reverse proxy with an event-based architecture was the best way to protect against slow rate DoS attacks and that such a service would allow the customer to use their server of choice while also being protected.

Place, publisher, year, edition, pages
2019. , p. 29
Keywords [en]
slowloris, slow post, slow body, slow rate DoS, slow rate denail of service attack, DoS attacks, slow rate dos mitigation, apache, nginx, aws, elastic load balancer
National Category
Computer Engineering
Identifiers
URN: urn:nbn:se:liu:diva-157721ISRN: LIU-IDA/LITH-EX-G--19/031--SEOAI: oai:DiVA.org:liu-157721DiVA, id: diva2:1327569
Subject / course
Information Technology
Supervisors
Examiners
Available from: 2019-06-24 Created: 2019-06-19 Last updated: 2019-06-24Bibliographically approved

Open Access in DiVA

fulltext(1893 kB)47 downloads
File information
File name FULLTEXT01.pdfFile size 1893 kBChecksum SHA-512
236af6776beaf95c6882446c607311c2463b10876cf2fe080951a95a8f7b1e7230d9ad89234205faf2e0cfb21c06fb774e3f963ab5b95689cca51633a5141fcb
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Larsson, NiklasÅgren Josefsson, Fredrik
By organisation
Department of Computer and Information Science
Computer Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 47 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 89 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf