Detection of Low-Rate DoS Attacks againstHTTP Servers using Spectral Analysis

Abstract: Denial-of-Service (DoS) attacks pose a serious threat to any service provider on the Internet. While traditional DoS flooding attacks require the attacker to control at least as much resources as the service provider in order to be effective, so called lowrate DoS attacks can exploit weaknesses in careless design to effectively deny a service using minimal amounts of network traffic.This thesis investigates one such weakness in version 2.2 of the popular Apache HTTP Server software. The weakness regards how the server handles the persistent connection feature in HTTP 1.1. An attack simulator exploiting this weakness has been developed and shown to be effective. The attack was then studied with spectral analysis with the purpose of examining how well the attack could be detected.In line with other papers on spectral analysis of lowrate DoS attacks,the results show that there are disproportionate amounts of energyin the lower frequencies when the attack is present. However, by randomising the attack pattern, an attacker can reduce the disproportionto a degree where it might be impossible to correctly identify an attack in a real world scenario.