We evaluate security of WebSocket, one of HTML5 APIs, in the view of L7 DoS attack and design the countermeasure against Slowloris attack which is known as difficult to be detected by IDS and IPS. It is easy to disable services based on WebSocket by sending partial request packets slowly. The server no longer provide the service since Slowloris attack makes request buffer full. For the solution, we design a dual-buffer based countermeasure. The main features of countermeasure are separation of buffer according to status of connections and request acceptance without limitation. In this countermeasure, we propose structure of request buffer free from fullness by employing circular buffer. The connections after handshake process move out to another buffer not to be affected from the request attack. In our construction, when the request buffer is full, the oldest request would be overwritten with a new request. Finally, our proposal allows the benign requests to be successful during Slowloris attack. Our construction could be also applied to other applications including HTTP, FTP and etc.
CITATION STYLE
Choi, J., Park, J. G., Heo, S., Park, N., & Kim, H. (2017). Slowloris dos countermeasure over websocket. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10144 LNCS, pp. 42–53). Springer Verlag. https://doi.org/10.1007/978-3-319-56549-1_4
Mendeley helps you to discover research relevant for your work.