Fuzzy Request Set Modelling for Detecting Multiplexed Asymmetric DDoS Attacks on HTTP/2 servers

The introduction of HTTP/2 has led to a dramatic change in web traffic. The steady flow of requests in HTTP/1.1 has been replaced by bursts of multiple requests, largely due to the introduction of multiplexing in HTTP/2 which allows users to send multiple requests through a single connection. This f...

Full description

Saved in:
Bibliographic Details
Published in:Expert systems with applications 2021-12, Vol.186, p.115697, Article 115697
Main Authors: Praseed, Amit, Thilagam, P. Santhi
Format: Article
Language:English
Subjects:
Application layer
Asymmetric workload
Asymmetry
DDoS
Denial of service attacks
Detection
Fuzzy multiset
Fuzzy sets
Http/2
Multiplexing
Server push
Servers
Steady flow
Traffic flow
User experience
Websites
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The introduction of HTTP/2 has led to a dramatic change in web traffic. The steady flow of requests in HTTP/1.1 has been replaced by bursts of multiple requests, largely due to the introduction of multiplexing in HTTP/2 which allows users to send multiple requests through a single connection. This feature was introduced in order to reduce the page loading time by multiplexing a web page and its associated resources in a single connection. While this feature has significantly improved user experience, it can be misused to launch sophisticated application layer DDoS attacks against HTTP/2 servers. Instead of the intended use of multiplexing, attackers can force the web server to process multiple random requests simultaneously, leading to increased server usage. The use of computationally intensive requests can further exacerbate the situation. These attacks, called Multiplexed Asymmetric Attacks, pose a dangerous threat to HTTP/2 servers and stem from the lack of verification of the multiplexed requests. In this work, an approach to model an HTTP/2 request set as a fuzzy multiset is presented. The proposed approach uses a combination of relative cardinality and request workload to detect multiplexed AL-DDoS attacks. Experiments on open source datasets demonstrate that the proposed approach is able to detect multiplexed AL-DDoS attacks with an accuracy of around 95%, while maintaining a low False Positive Rate (FPR) of around 3%. •Proposes a detection mechanism for multiplexed asymmetric attacks on HTTP/2 servers.•Describes the concept of request sets and valid request sets.•Models an HTTP/2 request set as a Fuzzy Multiset.•Proposes a quantitative approach for describing the validity of a request set.•Demonstrates the efficiency of the proposed detection mechanism.
ISSN:0957-4174
1873-6793
DOI:10.1016/j.eswa.2021.115697