Um Estudo Prático sobre o Potencial do Ataque Slowloris a partir de Dispositivos Móveis
Abstract
DdoS attacks have become a real and frequent threat to the sites and services offered globally. This work evaluates the potential of running one of these attacks, the worldwide known Slowloris, from Android mobile devices. Generally run from desktops, Slowloris has been adapted by the authors to run on mobile devices. The attacks were fired from one and two smartphones and with variable intensity (250 to 1000 attackers). Server availability metrics, tts, CPU consumption, and memory were evaluated. It has been found that the harmful potential of the mobile version is as high as the desktop version, consuming very little CPU and memory resources.References
MAKRIDAKIS, A.; ATHANASOPOULOS, E.; ANTONIADES, D.; IOANNIDIS, S.; MARKATOS, E.. Understanding the Behavior of Malicious Applications in Social Networks. IEEE Networks, 2010.
CAMBIASO, E.; PAPALEO, G.; CHIOLA, M.; AIELLO, M. Mobile executions of Slow DoS Attacks. Logic Jnl IGPL, V. 24, No. 1, p. 54–58, 16/10/2015.
R. GANDHI; A. SHARMA; W. MAHONEY; W. SOUSAN; Q. ZHU; P. LAPLANTE. Dimensions of cyber-attacks: Cultural, social, economic, and political,” Technology and Society Magazine, IEEE, vol. 30, no. 1, pp. 28–38, 2011.
S. KUMAR; K. M. CARLEY. Approaches to Understanding the Motivations Behind Cyber Attacks, em Intelligence and Security Informatics. (ISI), 2016 IEEE International Conference em, Tucson, Arizona USA, Set. 2016.
MICROSOFT. Microsoft Library: Security Issues with IP. Disponível em: https://technet.microsoft.com/en-us/library/cc959354.aspx. Acesso em 20/11/2016.
S. KUMAR; K. CARLEY.. Understanding DDoS Cyber-Attacks using Social Media Analytics. IEEE Networks, 2016.
DANTAS, Y, G. Estratégias para tratamento de ataques de negação de serviço na camada de aplicação em redes IP. 2015. 77f. Trabalho de Conclusão de Curso (Especialização) Curso de Ciência da Computação, Universidade Federal da Paraíba, João Pessoa/PB, 2015.
J. LEWIS; S. BAKER. The economic impact of cybercrime and cyber espionage, Center for Strategic and International Studies, Washington,DC, pp. 103–117, 2013.
G. MEZZOUR, Assessing the Global Cyber and Biological Threat, dissertação Ph.D., Symantec Research Labs, 2015.
B. LIU; L. ZHANG. A survey of opinion mining and sentiment analysis, em Mining text data. Springer, 2012, pp. 415–463.
LOIC – Low Orbit Ion Cannon. Disponível em: https://play.google.com/store/apps/details?id=genius.mohammad.loic. Acesso em 12/05/2017.
OP TANGO DOWN, Disponível em: http://www.anonymousbrasil.com/tango-down/. Acesso em 10/06/2017.
DANTAS, Y, G.; NIGAM, V.; FONSECA, I. A Selective Defense for Application Layer DDoS Attacks, Intelligence and Security Informatics Conference (JISIC), Hague, 8/12/2014.
A. KARIM; S. A. A. SHAH; R. B. SALLEH; M. ARIF; R. M. NOOR; S. SHAMSHIRBAND. Mobile Botnet Attacks – an Emerging Threat: Classification, Review and Open Issues. Trans. on Internet and Information Systems, v. 9, 2015.
SLOWLORIS DDoS Attack. Disponível em: https://security.radware.com/ddosknowledge- center/ddospedia/slowloris/. Acesso em 20/11/2016.
PERLDROID. Disponível em: https://code.google.com/archive/p/perl-android-apk/. Acesso em 20/11/2016.
NETCRAFT. NetCraft WebServer Survey. Disponível em: [link]. Acesso em 20/11/2016.
CAMBIASO, E.; PAPALEO, G.; CHIOLA, M.; AIELLO, M. Mobile executions of Slow DoS Attacks. Logic Jnl IGPL, V. 24, No. 1, p. 54–58, 16/10/2015.
R. GANDHI; A. SHARMA; W. MAHONEY; W. SOUSAN; Q. ZHU; P. LAPLANTE. Dimensions of cyber-attacks: Cultural, social, economic, and political,” Technology and Society Magazine, IEEE, vol. 30, no. 1, pp. 28–38, 2011.
S. KUMAR; K. M. CARLEY. Approaches to Understanding the Motivations Behind Cyber Attacks, em Intelligence and Security Informatics. (ISI), 2016 IEEE International Conference em, Tucson, Arizona USA, Set. 2016.
MICROSOFT. Microsoft Library: Security Issues with IP. Disponível em: https://technet.microsoft.com/en-us/library/cc959354.aspx. Acesso em 20/11/2016.
S. KUMAR; K. CARLEY.. Understanding DDoS Cyber-Attacks using Social Media Analytics. IEEE Networks, 2016.
DANTAS, Y, G. Estratégias para tratamento de ataques de negação de serviço na camada de aplicação em redes IP. 2015. 77f. Trabalho de Conclusão de Curso (Especialização) Curso de Ciência da Computação, Universidade Federal da Paraíba, João Pessoa/PB, 2015.
J. LEWIS; S. BAKER. The economic impact of cybercrime and cyber espionage, Center for Strategic and International Studies, Washington,DC, pp. 103–117, 2013.
G. MEZZOUR, Assessing the Global Cyber and Biological Threat, dissertação Ph.D., Symantec Research Labs, 2015.
B. LIU; L. ZHANG. A survey of opinion mining and sentiment analysis, em Mining text data. Springer, 2012, pp. 415–463.
LOIC – Low Orbit Ion Cannon. Disponível em: https://play.google.com/store/apps/details?id=genius.mohammad.loic. Acesso em 12/05/2017.
OP TANGO DOWN, Disponível em: http://www.anonymousbrasil.com/tango-down/. Acesso em 10/06/2017.
DANTAS, Y, G.; NIGAM, V.; FONSECA, I. A Selective Defense for Application Layer DDoS Attacks, Intelligence and Security Informatics Conference (JISIC), Hague, 8/12/2014.
A. KARIM; S. A. A. SHAH; R. B. SALLEH; M. ARIF; R. M. NOOR; S. SHAMSHIRBAND. Mobile Botnet Attacks – an Emerging Threat: Classification, Review and Open Issues. Trans. on Internet and Information Systems, v. 9, 2015.
SLOWLORIS DDoS Attack. Disponível em: https://security.radware.com/ddosknowledge- center/ddospedia/slowloris/. Acesso em 20/11/2016.
PERLDROID. Disponível em: https://code.google.com/archive/p/perl-android-apk/. Acesso em 20/11/2016.
NETCRAFT. NetCraft WebServer Survey. Disponível em: [link]. Acesso em 20/11/2016.
Published
2017-11-06
How to Cite
AVERSARI, Lucas O. C.; KULESZA, Raoni; MOREIRA, Josilene A..
Um Estudo Prático sobre o Potencial do Ataque Slowloris a partir de Dispositivos Móveis. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 17. , 2017, Brasília.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2017
.
p. 494-500.
DOI: https://doi.org/10.5753/sbseg.2017.19523.
