An Investigation of Slow HTTP DoS attacks on Intrusion Detection Systems
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science.
2023 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Network Security Monitoring (NSM) is one of the standard methods used for protecting networks from attackers, and it has four phases: Monitoring, Detection, Forensics/Diagnosis, and Response/Recovery. One of the technologies frequently used for monitoring and detecting malicious traffic in a network is the Intrusion Detection System (IDS). Each IDS employs its own monitoring and detection strategy; some IDS rely on rule sets to detect malicious traffic, so these rule sets ought to be tested to ascertain whether they actually recognize attacks. The main objective of this thesis is to analyse the rule sets responsible for detecting malicious traffic in an IDS, to survey the literature on IDS and Slow Hypertext Transfer Protocol (HTTP) Denial-of-Service (DoS) attacks, and to design and build a testbed in which to conduct this evaluation. The problem addressed is that little research has focused on the effects of Slow HTTP attacks on IDS, and the authors of this thesis explore this gap. The authors propose an approach for assessing and evaluating the effect that a DoS attack may have on an IDS. In the experiments, Slow HTTP DoS attacks were launched against an IDS running different rule sets. The experiments were conducted in a virtualized environment, with Snort and Suricata as the chosen IDS, because these IDS use different detection techniques to analyse malicious traffic and generate alerts from rule sets. This makes it possible to evaluate whether a signature-based IDS detects an attack by observing the alerts it generates in real time. The experiments show that Snort's and Suricata's standard solutions are effective. In Snort, the registered rule set generated alerts for different attacks than the community rule set did.
The Emerging Threats rule set in Suricata detected two of the three attacks that were conducted, which shows that the chosen approach provides meaningful outcomes when exploring DoS attacks on IDS.
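The evaluation method described in the abstract, judging detection by the alerts a signature-based IDS emits while an attack is running, comes down to correlating alert records with the known attack schedule. The following is an added example, not code from the thesis or from the Snort or Suricata projects. It assumes Suricata's EVE JSON alert output (one JSON object per line with `event_type`, `timestamp`, `src_ip` and an `alert` object carrying `signature_id` and `signature`); the alert records, the attack schedule and the signature IDs (kept in the local-rule range of 1000000 and above) are all constructed for the example. Snort's alert output uses a different layout and would need its own loader.

```python
"""Correlate IDS alerts with a known attack schedule to score rule-set detection.

Added example, not the thesis's own code. Assumes Suricata EVE JSON alert
output; every record below is constructed for illustration.
"""
import json
from datetime import datetime

# Constructed EVE JSON lines (not a real capture). SIDs >= 1000000 are the
# local-rule range, so they cannot be mistaken for real Emerging Threats rules.
SAMPLE_EVE = """\
{"timestamp":"2023-02-10T12:00:05.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL HTTP request header not completed","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2023-02-10T12:00:40.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000001,"rev":1,"signature":"LOCAL HTTP request header not completed","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2023-02-10T12:01:00.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP"}
{"timestamp":"2023-02-10T12:10:20.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000002,"rev":1,"signature":"LOCAL HTTP POST body transferred too slowly","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2023-02-10T12:30:00.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.10","dest_port":80,"proto":"TCP","alert":{"signature_id":1000003,"rev":1,"signature":"LOCAL HTTP user-agent scanner","category":"Web Application Attack","severity":3}}
"""

# Constructed attack schedule: (attack name, attacker IP, window start, window end).
ATTACK_WINDOWS = [
    ("slow-headers", "10.0.0.5", "2023-02-10T12:00:00+0000", "2023-02-10T12:05:00+0000"),
    ("slow-body",    "10.0.0.5", "2023-02-10T12:10:00+0000", "2023-02-10T12:15:00+0000"),
    ("slow-read",    "10.0.0.5", "2023-02-10T12:20:00+0000", "2023-02-10T12:25:00+0000"),
]


def parse_ts(value):
    """Parse an EVE-style timestamp (fractional seconds optional, numeric UTC offset)."""
    fmt = "%Y-%m-%dT%H:%M:%S.%f%z" if "." in value else "%Y-%m-%dT%H:%M:%S%z"
    return datetime.strptime(value, fmt)


def load_alerts(eve_text):
    """Return only event_type == "alert" records; skip blank or malformed lines."""
    alerts = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated line must not abort the whole evaluation
        if rec.get("event_type") != "alert":
            continue
        rec["_ts"] = parse_ts(rec["timestamp"])
        alerts.append(rec)
    return alerts


def evaluate(alerts, windows):
    """Mark an attack as detected iff at least one alert from the attacker's IP
    falls inside its window. Returns (results, unattributed), where
    unattributed counts alerts that matched no window (baseline noise)."""
    results = {}
    matched = set()
    for name, attacker, start, end in windows:
        start_ts, end_ts = parse_ts(start), parse_ts(end)
        hits = [a for a in alerts
                if a.get("src_ip") == attacker and start_ts <= a["_ts"] <= end_ts]
        matched.update(id(a) for a in hits)
        sigs = sorted({(a["alert"]["signature_id"], a["alert"]["signature"]) for a in hits})
        results[name] = {"detected": bool(hits), "alert_count": len(hits), "signatures": sigs}
    unattributed = sum(1 for a in alerts if id(a) not in matched)
    return results, unattributed


def detection_rate(results):
    """(number of attacks detected, number of attacks run)."""
    return sum(1 for r in results.values() if r["detected"]), len(results)


def run_sample():
    """Evaluate the constructed sample; used by the command-line entry point."""
    return evaluate(load_alerts(SAMPLE_EVE), ATTACK_WINDOWS)


if __name__ == "__main__":
    res, noise = run_sample()
    for name, r in res.items():
        status = "DETECTED" if r["detected"] else "MISSED"
        sids = [sid for sid, _ in r["signatures"]]
        print(f"{name:13s} {status:9s} alerts={r['alert_count']} sids={sids}")
    d, n = detection_rate(res)
    print(f"detected {d}/{n} attacks; {noise} alert(s) outside any attack window")
```

Run it once per rule set (community, registered, Emerging Threats) against the same EVE file from the same attack schedule, and the per-attack table shows which rule set fired on which attack. Restricting matches to the attacker's source address keeps unrelated background alerts from being credited as detections; those are reported separately as noise.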

Place, publisher, year, edition, pages
2023, p. 87
Keywords [en]
Intrusion Detection Systems, Slow HTTP DoS Attacks, Snort, Suricata, Rule sets.
National Category
Telecommunications
Identifiers
URN: urn:nbn:se:bth-24320
OAI: oai:DiVA.org:bth-24320
DiVA, id: diva2:1740303
Subject / course
ET2606 Master's Thesis in Electrical Engineering with Emphasis on Telecommunication Systems, 30.0 credits
Educational program
ETADT Programme for Qualification for a Master's Degree in Electrical Engineering with Emphasis on Telecommunication Systems, 120.0 credits
Available from: 2023-03-01. Created: 2023-02-28. Last updated: 2023-03-01. Bibliographically approved.

Open Access in DiVA

An Investigation of Slow HTTP DoS attacks on Intrusion Detection Systems (1451 kB), 1320 downloads
File information
File name: FULLTEXT02.pdf
File size: 1451 kB
Checksum SHA-512: a68974a00b5a5186e81ff01f18a0648fc786eb29b4164b511d215ca2dd2edf68671a4eed867dbae32cd598b953653999abf5ccc6bec181584cc2f749db422e3f
Type: fulltext
Mimetype: application/pdf

By organisation
Department of Computer Science
Telecommunications

Total: 1320 downloads
Total: 1521 hits