Abstract

Denial of service (DoS) attacks evolved and consolidated as severe security threats to network servers, not only for internet service providers but also for governments. Earlier DoS attacks involved high-bandwidth flood-based approaches exploiting vulnerabilities of networking and transport protocol layers. Subsequently, distributed DoS attacks have been introduced amplifying not only the overall attack bandwidth but also the attack source, thus eluding simple counter measures based on source filtering. Current low bit-rate approaches, instead, exploit vulnerabilities of application layer protocols to accomplish DoS or DDoS attacks. Slow DoS attacks like, e.g., slowloris are particularly dangerous because they can bring down a well equipped server using small attacker’s bandwidth, hence they can effectively run on low performance hosts, such as routers, game consoles, or mobile phones. In this paper, we study slow DoS attacks, analysing in detail the current threats and presenting a proper definition and categorisation for such attacks. Hopefully, our work will provide a useful framework for the study of this field, for the analysis of network vulnerabilities, and for the proposal of innovative intrusion detection methodologies.