HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks

被引：0

作者：

Beckett, David ^{[1
]}

Sezer, Sakir ^{[1
]}

机构：

[1] Queens Univ Belfast, CSIT, Belfast, Antrim, North Ireland

来源：

2017 SEVENTH INTERNATIONAL CONFERENCE ON EMERGING SECURITY TECHNOLOGIES (EST) | 2017年

关键词：

DDoS; HTTP2; Flood; Attack; Apache; nghttp2; Nginx; Vulnerabilities;

D O I：

暂无

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Distributed Denial of Service (DDoS) attacks are a frequent cyber attack vector which cause significant damage to computer systems. Hypertext Transfer Protocol (HTTP), which is the core communication protocol of the internet, has had a major upgrade and is released as RFC 7540. This latest version, HTTP/2, has begun to be deployed in live systems before comprehensive security studies have been carried out on its risk from DDoS. In this piece of research we explore using experimental methodology, the DDoS risk posed by the upgraded functionality of the HTTP/2 protocol, in particular its risk from a flood attack. Our results show that a website implementing HTTP/2, scales up the flood attack magnitude, increasing the risk from DDoS.

引用

页码：107 / 112

页数：6

共 11 条

[1] A. Networks, 2017, WORLDW INFR SEC REP
[2] Distributed denial-of-service attacks against HTTP/2 services
Adi, Erwin
Baig, Zubair A.
Hingston, Philip
Lam, Chiou-Peng
[J]. CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 2016, 19 (01): : 79 - 86
[3] Akamai, 2015, STAT INT Q2 2015
[4] [Anonymous], 2016, HTTP 2 IN DEPTH AN T
[5] [Anonymous], 2015, RFC 7540 HYP TRANSF
[6] Baig Z., 2015, Security and Privacy in Communication Networks, V2015, P1
[7] Cloudflare, 2016, SAY CHEES SNAPSH MAS
[8] DAMON E, 2012, INFOSECCD 12, P21
[9] IETF, 2015, QUIC UDP BA IN PRESS
[10] IETF, 2015, RFC 7541 HPACK HEAD

← 1 2 →