Analysis and detection of application-independent slow Denial of Service cyber attacks

This paper investigates current application-independent slow Denial of Service (DoS) attacks. We propose Slowcomm and Slow Next attack models and present an attack simulation tool. We used this tool for vulnerability testing of several Internet services, including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Secure Shell (SSH) servers. We also propose attack signatures and detection methods. We implemented these methods as an Intrusion Detection System (IDS) and tested them in an experimental network. Our testing revealed vulnerabilities in five of the six tested servers that caused the denial of service to legitimate users. Deployment of the proposed attack detector has shown a high detection success. We conclude that there is a need to increase the level of cybersecurity. Internet services are vulnerable to these new DoS attacks. Our analysis can be used for the security development of tested services. Our detector in combination with a network traffic filtering tool can be used to mitigate the attacks and keep the service available to Internet users.