Research Article
HDoS: An Application-Layer DoS Attack Towards HTTP/2 Protocol
@INPROCEEDINGS{10.1007/978-3-319-78813-5_28,
  author={Xiang Ling and Chunming Wu and Shouling Ji and Meng Han},
  title={HDoS: An Application-Layer DoS Attack Towards HTTP/2 Protocol},
  proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
  proceedings_a={SECURECOMM},
  year={2018},
  month={4},
  keywords={Web security DoS attack HTTP/2 protocol},
  doi={10.1007/978-3-319-78813-5_28}
}
- Xiang Ling
- Chunming Wu
- Shouling Ji
- Meng Han
Year: 2018
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_28
Abstract
HTTP/2, as the latest version of the application-layer protocol, is experiencing an exponentially increasing adoption by both servers and browsers. Due to the new features introduced by HTTP/2, many security threats emerge in the deployment of HTTP/2. In this paper, we focus on application-layer DoS attacks in HTTP/2 and present a novel HDoS attack that exploits the multiplexing and flow-control mechanisms of HTTP/2. We first perform a large-scale measurement to investigate the deployment of HTTP/2. Then, based on the measurement results, we test HDoS under a general experimental setting, where the server-side HTTP/2 implementation is . Our comprehensive tests demonstrate both the feasibility and severity of the HDoS attack. We find that the HDoS attack results in completely denying requests from legitimate clients and has severe impacts on victim servers. Our work underscores the emerging security threats that arise in HTTP/2, which has significant reference value to other researchers and the security development of HTTP/2.