Erwin Adi

Distributed denial-of-service attacks against HTTP/2 services

HTTP/2 is the second major version of the HTTP protocol published by the internet engineering steering group. The protocol is designed to improve reliability and performance Such enhancements have thus delineated the protocol as being more vulnerable to distributed denial-of-service (DDoS) attacks when compared to its predecessor. Recent phenomenon showed that legitimate traffic or flash crowds could have high-traffic flow characteristics as seen in DDoS attacks. In this paper, we demonstrate that legitimate HTTP/2 flash crowd traffic can be launched to cause denial of service. To the best of our knowledge, no previous study has been conducted to analyse the effect of both DDoS as well as flash crowd traffic against HTTP/2 services. Results obtained prove the effect of such attacks when tested under four varying protocol-dependant attack scenarios.

Low-Rate Denial-of-Service Attacks against HTTP/2 Services

HTTP/2 is the second major version of the HTTP protocol approved by the Internet Engineering Steering Group (IESG). Although the semantics of how messages are exchanged between clients and servers remains the same, the protocol demands more computing power than its predecessor, HTTP/1.1. Hence HTTP/2 is more vulnerable to Denial-of-Service (DoS) attacks. A variant of the DoS type of attack is to send low-rate traffic that contains resource-hungry instructions, to a victim node. This low-rate DoS attacks can succeed only if the victim hosts an application that consumes large-scale computing resources once activated. With the introduction of HTTP/2, we showed that the attack can be launched at the protocol level by sending low-rate HTTP/2 packets to a web server. To the best of our knowledge, no study has been done on how DoS attacks can be launched against HTTP/2 services. Results obtained prove the effect of a low-rate DoS attack against HTTP/2 services.

Stealthy Denial of Service (DoS) attack modelling and detection for HTTP/2 services

A malicious attack that can prevent establishment of Internet connections to web servers is termed as a Denial of Service (DoS) attack; volume and intensity of which is rapidly growing thanks to the readily available attack tools and the ever-increasing network bandwidths. Contemporary web servers are increasingly vulnerable to such attacks. With the emergence of HTTP/2 as the successor of HTTP/1.x, existing techniques for detecting DoS attacks will not be entirely effective. Though nearly 90% of all contemporary web servers as yet have not migrated to HTTP/2, DoS attack modelling and detection is essential to prevent impending attacks of such kind from the adversary class. This study presents a model of DoS attack traffic that can be directed towards HTTP/2 web servers. The research conducted also extends previous studies that provided DoS attack models against HTTP/2 services, to present a novel and stealthy DoS attack variant that can disrupt routine web services, covertly. The attack traffic analysis conducted in this study employed four machine learning techniques, namely Nave Bayes, Decision Tree, JRip and Support Vector Machines, and stealthy traffic properties are shown through having higher percentages of False Alarms. Results obtained through simulation show promise, and arguments are put forth on how future work can extend the proposed model to create further attack traffic models that may cause severe web service disruptions.

Ubiquitous Public Transportation Route Guide for a Developing Country

Public transportation in developing country such as Indonesia does not have a definite guide that tells where the routes go. Websites that provides such information often misleads since the information changes from time to time. This paper discusses the development of an application to provide updated information about public transportation route guide that can be accessed through a website. The application has worked successfully in searching routes, searching places, adding routes, adding places, editing routes, and editing places for the city of Jakarta, Indonesia. Based on the survey done by author, 73% respondents are willing to use the site and 80% respondents are willing to contribute information to the site. The test showed that 50% of the respondents can use the applications function in the first try without any difficulty. The application has managed to provide useful functions for the target users therefore attracted enough attention to build a growing and informative e-society.