Hypertext transfer protocol performance analysis in traditional and software defined networks during Slowloris attack

Abstract

<p>The extensive use of the internet has resulted in novel technologies and protocol improvisation. Hypertext transfer protocol/1.1 (HTTP/1.1) is widely adapted on the internet. However, HTTP/2 is found to be more efficient over transport control protocol (TCP). The HTTP/2 protocol can withstand the payload overhead when compared to HTTP/1.1 by multiplexing multiple requests. However, both the protocols are highly susceptible to application-level denial of service (DoS) attacks. In this research, a slow-rate DoS attack called Slowloris is detected over Apache2 servers enabled with both versions of HTTP in traditional networks and software defined networks (SDN). Server metrics such as server connection time to the webpage, latency in receiving a response from the server, page load time, response-response gap, and inter-packet arrival time at the server are monitored to analyze attack activity. A Monte Carlo simulation is used to estimate threshold values for server connection time and latency for attack detection. This work is implemented in a lab environment using virtual machines, Ryu controller, zodiac FX OpenFlow switch and Apache2 servers. This study also highlights SDN's security benefits over traditional networks.</p>