HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 request flood DDoS attacks

Distributed Denial of Service (DDoS) attacks are a frequent cyber attack vector which cause significant damage to computer systems. Hypertext Transfer Protocol (HTTP), which is the core communication protocol of the internet, has had a major upgrade and is released as RFC 7540. This latest version, HTTP/2, has begun to be deployed in live systems before comprehensive security studies have been carried out on its risk from DDoS. In this piece of research we explore using experimental methodology, the DDoS risk posed by the upgraded functionality of the HTTP/2 protocol, in particular its risk from a flood attack. Our results show that a website implementing HTTP/2, scales up the flood attack magnitude, increasing the risk from DDoS.

[1]  I. Lazar,et al.  The state of the Internet , 2000 .

[2]  Zubair A. Baig,et al.  Distributed denial-of-service attacks against HTTP/2 services , 2016, Cluster Computing.

[3]  Ryan Hamilton,et al.  QUIC: A UDP-Based Secure and Reliable Transport for HTTP/2 , 2016 .

[4]  Zubair A. Baig,et al.  Low-Rate Denial-of-Service Attacks against HTTP/2 Services , 2015, 2015 5th International Conference on IT Convergence and Security (ICITCS).

[5]  Jens Mache,et al.  Hands-on denial of service lab exercises using SlowLoris and RUDY , 2012, InfoSecCD.

[6]  Supranamaya Ranjan,et al.  DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[7]  Roberto Peon,et al.  HPACK: Header Compression for HTTP/2 , 2015, RFC.

[8]  Martin Thomson,et al.  Hypertext Transfer Protocol Version 2 (HTTP/2) , 2015, RFC.