Assessment of the vulnerability of the Apache server to DDoS attaks

The article presents an analysis of the vulnerability of the Apache server with regard to common DDoS attacks. The paper begins with presenting the statistical overview of the issue of denial-of-service attacks. We also discuss the methods used for performing DDoS attacks. Working with the virtual systems, the authors designed a test environment, where the assessment was conducted of the vulnerability of selected WWW systems. At the end of the article, actions are proposed to implement effective methods of defending against the denial-of-service attacks.The paper is written for the specialists in the field of web systems security.

Full text (pdf)

[1] Web Server Survey - Web server developers: Market share of active sites. Available: https://www.netcraft.com/internet-data-mining/ [Access: 10.03.2017]
[2] W. Stallings: „Kryptografia i bezpieczeństwo sieci komputerowych. Koncepcje i metody bezpiecznej komunikacji”, Helion, Gliwice 2012.
[3] Akamai’s [state of the internet] / security – Q4 2016 report. Available: https://www.stateoftheinternet.com/downloads/pdfs/2015-cloud-security-reportq3.pdf [Access: 15.03.2017]
[4] S.T. Zargar, J. Joshi, D. Tipper: “A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks”, IEEE communications surveys & tutorials, vol. 15, no. 4, fourth quarter 2013.
[5] Ch. Douligeris, A. Mitrokotsa: “DDoS attacks and defense mechanisms a classification”, Department of Informatics University of Piraeus, Piraeus, Greece.
[6] M. Poongothai, M. Sathyakala: “Simulation and Analysis of DDoS Attacks”, International Conference on Emerging Trends in Science, Engineering and Technology, 2012.
[7] Security Labs: How to Protect Against Slow HTTP Attacks [Online]. Available: https://blog.qualys.com/securitylabs/2011/11/02/how-to-protect-against-slow-httpattacks [Access: 30.03.2017]
[8] cunetix: How To Mitigate Slow HTTP DoS Attacks in the Apache HTTP Server [Online]. Available: https://www.acunetix.com/blog/[Access: 30.03.2017]
[9] Apache Security: Denial of Service Attacks [Online]. Available: https://www.feistyduck.com/library/apache-security/online/apachesc-CHP-5.html [Access: 01.04.2017]
[10] Ataki Slow HTTP DoS (cz. 1.) – Slowloris, [Online]. Available: http://sekurak.pl/ataki-slow-http-dos-cz-1-slowloris/ [Access: 01.04.2017]
[11] Securing the Apache, Part 8: DoS & DDoS Attacks, [Online]. Available: http://opensourceforu.efytimes.com/2011/04/securing-apache-part-8-dos-ddosattacks/ [Access: 10.04.2017]
[12] R.U.D.Y. (R-U-Dead-Yet): DDoS Attack Glossary [Online]. Available: https://www.incapsula.com/ddos/attack-glossary/rudy-r-u-dead-yet.html [Access: 10.04.2017]
[13] Understanding the Apache 2 MPM (worker vs prefork) [Online]. Available: https://www.garron.me/en/blog/apache2-mpm-worker-prefork-php.html [Access: 06.04.2017]
[14] K. Geetha: SYN flooding attack — “Identification and analysis”, Information Communication and Embedded Systems (ICICES), 2014 International Conference on, 2014.
[15] N. Shipilov, K. Borisenko, A. Shorov: “Simulation of DDoS-attacks and protection mechanisms against them”, Young Researchers in Electrical and Electronic Engineering Conference 2015 IEEE NW Russia, 2015.
[16] J. Brynielsson: “Detectability of low-rate HTTP server DoS attacks using spectral analysis”, International Conference on Advances in Social Networks Analysis and Mining, 2015.