AdIDoS – adaptive and intelligent fully-automatic detection of denial-of-service weaknesses in web services


Abstract

Denial-of-Service (DoS) attacks aim to affect the availability of applications. They can be executed using several techniques. Most of them are based upon huge computing power that is used to send a large number of messages to attacked applications, e.g., web services. Web services apply parsing technologies to process incoming XML messages. This increases the number of attack vectors, since attackers get new possibilities to abuse specific parser features and complex parsing techniques. Therefore, web service applications apply various countermeasures, including message length or XML element restrictions. These countermeasures make validations of web service robustness against DoS attacks complex and error-prone. In this paper, we present a novel adaptive and intelligent approach for testing web services. Our algorithm systematically increases the attack strength and evaluates its impact on a given web service, using a black-box approach based on server response times. This allows one to automatically detect message size limits or element count restrictions. We prove the practicability of our approach by implementing a new WS-Attacker plugin and detecting new DoS vulnerabilities in widely used web service implementations.

Cite

Altmeier, C., Mainka, C., Somorovsky, J., & Schwenk, J. (2016). AdIDoS – adaptive and intelligent fully-automatic detection of denial-of-service weaknesses in web services. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9481, pp. 65–80). Springer Verlag. https://doi.org/10.1007/978-3-319-29883-2_5
