Detection of Slowloris Attacks using Machine Learning Algorithms

Abstract

The Slowloris attack, a variant of the slow Denial-of-Service (DoS) attack, is a stealthy threat that aims to take down web services provided by companies and institutions. It is able to pass through the traditional defense systems, due to the low amount and high latency of its attack traffic, often mimicking legitimate user traffic. Therefore, it is necessary to investigate techniques that can detect and mitigate this type of attack and simultaneously prevent legitimate user traffic from being blocked. In this work, we investigate nine machine learning algorithms for detecting Slowloris attacks, as well as a new combination based on Fuzzy Logic (FL), Random Forest (RF), and Euclidean Distance (ED) that we call FRE. We first generate Slowloris attack traffic traces in various environments. We then assess these algorithms under two scenarios: hyperparameters with default values and optimized hyperparameters. We show that most of these machine learning algorithms perform very well, with the random forest leading to the best classification results with test accuracy values reaching 99.52%. We also show that our FRE method outperforms all these algorithms, with test accuracy values reaching 99.8%.