Nasze serwisy używają informacji zapisanych w plikach cookies. Korzystając z serwisu wyrażasz zgodę na używanie plików cookies zgodnie z aktualnymi ustawieniami przeglądarki, które możesz zmienić w dowolnej chwili. Więcej informacji odnośnie plików cookies.

Obowiązek informacyjny wynikający z Ustawy z dnia 16 listopada 2012 r. o zmianie ustawy – Prawo telekomunikacyjne oraz niektórych innych ustaw.

Wyłącz komunikat

 
 

Logowanie

Logowanie za pomocą Centralnej Usługi Uwierzytelniania PRz. Po zakończeniu pracy nie zapomnij zamknąć przeglądarki.

Elektrotechnika

Elektrotechnika
36 (1/2017), DOI: 10.7862/re.2017.6

Assessment of the vulnerability of the Apache server to DDoS attaks

Mariusz NYCZ, Tomasz SZELIGA, Piotr HAJDER

DOI: 10.7862/re.2017.6

Abstract

The article presents an analysis of the vulnerability of the Apache server with regard to common DDoS attacks. The paper begins with presenting the statistical overview of the issue of denial-of-service attacks. We also discuss the methods used for performing DDoS attacks. Working with the virtual systems, the authors designed a test environment, where the assessment was conducted of the vulnerability of selected WWW systems. At the end of the article, actions are proposed to implement effective methods of defending against the denial-of-service attacks.The paper is written for the specialists in the field of web systems security.

Full text (pdf)

References

[1] Web Server Survey - Web server developers: Market share of active sites. Available: https://www.netcraft.com/internet-data-mining/ [Access: 10.03.2017]
[2] W. Stallings: „Kryptografia i bezpieczeństwo sieci komputerowych. Koncepcje i metody bezpiecznej komunikacji”, Helion, Gliwice 2012.
[3] Akamai’s [state of the internet] / security – Q4 2016 report. Available: https://www.stateoftheinternet.com/downloads/pdfs/2015-cloud-security-reportq3.pdf [Access: 15.03.2017]
[4] S.T. Zargar, J. Joshi, D. Tipper: “A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks”, IEEE communications surveys & tutorials, vol. 15, no. 4, fourth quarter 2013.
[5] Ch. Douligeris, A. Mitrokotsa: “DDoS attacks and defense mechanisms a classification”, Department of Informatics University of Piraeus, Piraeus, Greece.
[6] M. Poongothai, M. Sathyakala: “Simulation and Analysis of DDoS Attacks”, International Conference on Emerging Trends in Science, Engineering and Technology, 2012.
[7] Security Labs: How to Protect Against Slow HTTP Attacks [Online]. Available: https://blog.qualys.com/securitylabs/2011/11/02/how-to-protect-against-slow-httpattacks [Access: 30.03.2017]
[8] cunetix: How To Mitigate Slow HTTP DoS Attacks in the Apache HTTP Server [Online]. Available: https://www.acunetix.com/blog/[Access: 30.03.2017]
[9] Apache Security: Denial of Service Attacks [Online]. Available: https://www.feistyduck.com/library/apache-security/online/apachesc-CHP-5.html [Access: 01.04.2017]
[10] Ataki Slow HTTP DoS (cz. 1.) – Slowloris, [Online]. Available: http://sekurak.pl/ataki-slow-http-dos-cz-1-slowloris/ [Access: 01.04.2017]
[11] Securing the Apache, Part 8: DoS & DDoS Attacks, [Online]. Available: http://opensourceforu.efytimes.com/2011/04/securing-apache-part-8-dos-ddosattacks/ [Access: 10.04.2017]
[12] R.U.D.Y. (R-U-Dead-Yet): DDoS Attack Glossary [Online]. Available: https://www.incapsula.com/ddos/attack-glossary/rudy-r-u-dead-yet.html [Access: 10.04.2017]
[13] Understanding the Apache 2 MPM (worker vs prefork) [Online]. Available: https://www.garron.me/en/blog/apache2-mpm-worker-prefork-php.html [Access: 06.04.2017]
[14] K. Geetha: SYN flooding attack — “Identification and analysis”, Information Communication and Embedded Systems (ICICES), 2014 International Conference on, 2014.
[15] N. Shipilov, K. Borisenko, A. Shorov: “Simulation of DDoS-attacks and protection mechanisms against them”, Young Researchers in Electrical and Electronic Engineering Conference 2015 IEEE NW Russia, 2015.
[16] J. Brynielsson: “Detectability of low-rate HTTP server DoS attacks using spectral analysis”, International Conference on Advances in Social Networks Analysis and Mining, 2015.

About this Article

TITLE:
Assessment of the vulnerability of the Apache server to DDoS attaks

AUTHORS:
Mariusz NYCZ (1)
Tomasz SZELIGA (2)
Piotr HAJDER (3)

AUTHORS AFFILIATIONS:
(1) .Politechnika Rzeszowska, Zakład Systemów Złożonyc
(2) Politechnika Rzeszowska, Zakład Systemów Złożonych
(3) Akademia Górniczo-Hutnicza w Krakowie

JOURNAL:
Elektrotechnika
36 (1/2017)

KEY WORDS AND PHRASES:
DDoS Attack; security; the Apache; web server

FULL TEXT:
http://doi.prz.edu.pl/pl/pdf/elektrotechnika/88

DOI:
10.7862/re.2017.6

URL:
http://dx.doi.org/10.7862/re.2017.6

RECEIVED:
2017-05-29

COPYRIGHT:
Publishing House of Rzeszow University of Technology Powstańców Warszawy 12, 35-959 Rzeszow

POLITECHNIKA RZESZOWSKA im. Ignacego Łukasiewicza; al. Powstańców Warszawy 12, 35-959 Rzeszów
tel.: +48 17 865 11 00, fax.: +48 17 854 12 60
Administrator serwisu: