Ferramenta para Detecção e Contenção de Ataques Slowloris
Resumo
Ataques de negação de serviço na camada de aplicação trazem um desafio adicional em sua detecção por ferramentas de segurança devido a utilização de vulnerabilidades específicas da aplicação. Este trabalho apresenta uma ferramenta para detecção e contenção de ataque Slowloris. A ferramenta atua por meio de três módulos distintos, distribuídos nos roteadores, servidores WEB e em um Concentrador. Os módulos atuam em conjunto para detectar e conter o ataque através da análise do padrão de comportamento do ataque. Os testes realizados em laboratório demonstram que a ferramenta detecta o comportamento anômalo do Slowloris e consequentemente bloqueia o atacante antes da saturação dos recursos da vítima.Referências
Albin, E. (2011). A comparative analysis of the snort and suricata intrusion-detection systems. Technical report, NAVAL POSTGRADUATE SCHOOL MONTEREY CA.
Barrios Quintanilla, A. and Silva Filho, D. P. d. (2017). Ataques de negação de serviço na camada de aplicação: estudo de ataques lentos ao protocolo http.
Carl, G., Kesidis, G., Brooks, R. R., and Rai, S. (2006). Denial-of-service attack-detection techniques. IEEE Internet computing, 10(1):82–89.
Corrêa, A. L. R. and Martins, H. P. (2013). Monitoramento de ataques de negação de serviço: Um caso prático utilizando slowloris. Faculdade de Tecnologia de Bauru (FATEC).
da Silva, C. A. M., Gonçalves, J. A., da Silva Faria, V., de Britto Vieira, G., and Mascarenhas, D. M. (2016). Iremac: Um ips para ataques internos. XXXIV Simpósio Brasileiro de Telecomunicações e Processamento de Sinais.
Dantas, Y. G., Nigam, V., and Fonseca, I. E. (2014). A selective defense for application layer ddos attacks. In 2014 IEEE Joint Intelligence and Security Informatics Conference, pages 75–82. IEEE.
Day, D. and Burns, B. (2011). A performance analysis of snort and suricata network intrusion detection and prevention engines. In Fifth International Conference on Digital Society, Gosier, Guadeloupe, pages 187–192.
de Sousa Araújo, T. E., Matos, F. M., and Moreira, J. A. (2017). Intrusion detection systems' performance for distributed denial-of-service attack. In 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON), pages 1–6. IEEE.
Durcekova, V., Schwartz, L., and Shahmehri, N. (2012). Sophisticated denial of service attacks aimed at application layer. In 2012 ELEKTRO, pages 55–60. IEEE.
Goncalves, J. A., Faria, V. S., Vieira, G. B., Silva, C. A., and Mascarenhas, D. M. (2017). Widip: Wireless distributed ips for ddos attacks. In 2017 1st Cyber Security in Networking Conference (CSNet), pages 1–3. IEEE.
Gu, Q. and Liu, P. (2007). Denial of service attacks. Handbook of Computer Networks: Distributed Networks, Network Planning, Control, Management, and New Trends and Applications, 3:454–468.
Merino, B. (2013). Instant trafc analysis with Tshark how-to. Packt Publishing Ltd. Orebaugh, A., Ramirez, G., and Beale, J. (2006). Wireshark & Ethereal network protocol analyzer toolkit. Elsevier.
Papadie, R. and Apostol, I. (2017). Analyzing websites protection mechanisms against In 2017 9th International Conference on Electronics, Computers and ddos attacks
Articial Intelligence (ECAI), pages 1–6. IEEE.
Pascoal, T. A., Correa, J. H., Brayner, R., Nigam, V., and Fonseca, I. E. (2017). Módulo de proteção contra ataques de negação de serviço na camada de aplicação: uma análise de qualidade de serviço e experiência de usuário. In Anais do XXXV Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. SBC.
Sangeetha, S. B. Ddos deate and apf (advanced policy rewall): A report.
Shorey, T., Subbaiah, D., Goyal, A., Sakxena, A., and Mishra, A. K. (2018). Performance comparison and analysis of slowloris, goldeneye and xerxes ddos attack tools. In 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pages 318–322. IEEE.
Singh, K., Singh, P., and Kumar, K. (2018). User behavior analytics-based classication of application layer http-get ood attacks. Journal of Network and Computer Applications, 112:97–114.
Toklu, S. and Simsek, M. (2018). Two-layer approach for mixed high-rate and low-rate distributed denial of service (ddos) attack detection and ltering. Arabian Journal for Science and Engineering, 43(12):7923–7931.
Tripathi, N. and Hubballi, N. (2018). Slow rate denial of service attacks against http/2 and detection. Computers & security, 72:255–272.
Tripathi, N., Hubballi, N., and Singh, Y. (2016). How secure are web servers? an empirical study of slow http dos attacks and detection. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 454–463. IEEE.
Yuan, H., Xia, Y., Yang, H., and Yuan, Y. (2018). Resilient control for wireless networked International Journal of control systems under dos attack via a hierarchical game. Robust and Nonlinear Control, 28(15):4604–4623.
Barrios Quintanilla, A. and Silva Filho, D. P. d. (2017). Ataques de negação de serviço na camada de aplicação: estudo de ataques lentos ao protocolo http.
Carl, G., Kesidis, G., Brooks, R. R., and Rai, S. (2006). Denial-of-service attack-detection techniques. IEEE Internet computing, 10(1):82–89.
Corrêa, A. L. R. and Martins, H. P. (2013). Monitoramento de ataques de negação de serviço: Um caso prático utilizando slowloris. Faculdade de Tecnologia de Bauru (FATEC).
da Silva, C. A. M., Gonçalves, J. A., da Silva Faria, V., de Britto Vieira, G., and Mascarenhas, D. M. (2016). Iremac: Um ips para ataques internos. XXXIV Simpósio Brasileiro de Telecomunicações e Processamento de Sinais.
Dantas, Y. G., Nigam, V., and Fonseca, I. E. (2014). A selective defense for application layer ddos attacks. In 2014 IEEE Joint Intelligence and Security Informatics Conference, pages 75–82. IEEE.
Day, D. and Burns, B. (2011). A performance analysis of snort and suricata network intrusion detection and prevention engines. In Fifth International Conference on Digital Society, Gosier, Guadeloupe, pages 187–192.
de Sousa Araújo, T. E., Matos, F. M., and Moreira, J. A. (2017). Intrusion detection systems' performance for distributed denial-of-service attack. In 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON), pages 1–6. IEEE.
Durcekova, V., Schwartz, L., and Shahmehri, N. (2012). Sophisticated denial of service attacks aimed at application layer. In 2012 ELEKTRO, pages 55–60. IEEE.
Goncalves, J. A., Faria, V. S., Vieira, G. B., Silva, C. A., and Mascarenhas, D. M. (2017). Widip: Wireless distributed ips for ddos attacks. In 2017 1st Cyber Security in Networking Conference (CSNet), pages 1–3. IEEE.
Gu, Q. and Liu, P. (2007). Denial of service attacks. Handbook of Computer Networks: Distributed Networks, Network Planning, Control, Management, and New Trends and Applications, 3:454–468.
Merino, B. (2013). Instant trafc analysis with Tshark how-to. Packt Publishing Ltd. Orebaugh, A., Ramirez, G., and Beale, J. (2006). Wireshark & Ethereal network protocol analyzer toolkit. Elsevier.
Papadie, R. and Apostol, I. (2017). Analyzing websites protection mechanisms against In 2017 9th International Conference on Electronics, Computers and ddos attacks
Articial Intelligence (ECAI), pages 1–6. IEEE.
Pascoal, T. A., Correa, J. H., Brayner, R., Nigam, V., and Fonseca, I. E. (2017). Módulo de proteção contra ataques de negação de serviço na camada de aplicação: uma análise de qualidade de serviço e experiência de usuário. In Anais do XXXV Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. SBC.
Sangeetha, S. B. Ddos deate and apf (advanced policy rewall): A report.
Shorey, T., Subbaiah, D., Goyal, A., Sakxena, A., and Mishra, A. K. (2018). Performance comparison and analysis of slowloris, goldeneye and xerxes ddos attack tools. In 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pages 318–322. IEEE.
Singh, K., Singh, P., and Kumar, K. (2018). User behavior analytics-based classication of application layer http-get ood attacks. Journal of Network and Computer Applications, 112:97–114.
Toklu, S. and Simsek, M. (2018). Two-layer approach for mixed high-rate and low-rate distributed denial of service (ddos) attack detection and ltering. Arabian Journal for Science and Engineering, 43(12):7923–7931.
Tripathi, N. and Hubballi, N. (2018). Slow rate denial of service attacks against http/2 and detection. Computers & security, 72:255–272.
Tripathi, N., Hubballi, N., and Singh, Y. (2016). How secure are web servers? an empirical study of slow http dos attacks and detection. In 2016 11th International Conference on Availability, Reliability and Security (ARES), pages 454–463. IEEE.
Yuan, H., Xia, Y., Yang, H., and Yuan, Y. (2018). Resilient control for wireless networked International Journal of control systems under dos attack via a hierarchical game. Robust and Nonlinear Control, 28(15):4604–4623.
Publicado
02/09/2019
Como Citar
FARIA, Vinicius; GONÇALVES, Jéssica; SILVA, Camila; VIEIRA, Gabriele; MASCARENHAS, Dalbert.
Ferramenta para Detecção e Contenção de Ataques Slowloris. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 183-196.
DOI: https://doi.org/10.5753/sbseg.2019.13971.