Elektrotechnika
36 (1/2017), DOI: 10.7862/re.2017.6
Assessment of the vulnerability of the Apache server to DDoS attaks
Mariusz NYCZ, Tomasz SZELIGA, Piotr HAJDER
DOI: 10.7862/re.2017.6
Abstract
The article presents an analysis of the vulnerability of the Apache server with regard to common DDoS attacks. The paper begins with presenting the statistical overview of the issue of denial-of-service attacks. We also discuss the methods used for performing DDoS attacks. Working with the virtual systems, the authors designed a test environment, where the assessment was conducted of the vulnerability of selected WWW systems. At the end of the article, actions are proposed to implement effective methods of defending against the denial-of-service attacks.The paper is written for the specialists in the field of web systems security.
References
[1] Web Server Survey - Web server developers: Market share of active sites. Available: https://www.netcraft.com/internet-data-mining/ [Access: 10.03.2017]
[2] W. Stallings: „Kryptografia i bezpieczeństwo sieci komputerowych. Koncepcje i metody bezpiecznej komunikacji”, Helion, Gliwice 2012.
[3] Akamai’s [state of the internet] / security – Q4 2016 report. Available: https://www.stateoftheinternet.com/downloads/pdfs/2015-cloud-security-reportq3.pdf [Access: 15.03.2017]
[4] S.T. Zargar, J. Joshi, D. Tipper: “A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks”, IEEE communications surveys & tutorials, vol. 15, no. 4, fourth quarter 2013.
[5] Ch. Douligeris, A. Mitrokotsa: “DDoS attacks and defense mechanisms a classification”, Department of Informatics University of Piraeus, Piraeus, Greece.
[6] M. Poongothai, M. Sathyakala: “Simulation and Analysis of DDoS Attacks”, International Conference on Emerging Trends in Science, Engineering and Technology, 2012.
[7] Security Labs: How to Protect Against Slow HTTP Attacks [Online]. Available: https://blog.qualys.com/securitylabs/2011/11/02/how-to-protect-against-slow-httpattacks [Access: 30.03.2017]
[8] cunetix: How To Mitigate Slow HTTP DoS Attacks in the Apache HTTP Server [Online]. Available: https://www.acunetix.com/blog/[Access: 30.03.2017]
[9] Apache Security: Denial of Service Attacks [Online]. Available: https://www.feistyduck.com/library/apache-security/online/apachesc-CHP-5.html [Access: 01.04.2017]
[10] Ataki Slow HTTP DoS (cz. 1.) – Slowloris, [Online]. Available: http://sekurak.pl/ataki-slow-http-dos-cz-1-slowloris/ [Access: 01.04.2017]
[11] Securing the Apache, Part 8: DoS & DDoS Attacks, [Online]. Available: http://opensourceforu.efytimes.com/2011/04/securing-apache-part-8-dos-ddosattacks/ [Access: 10.04.2017]
[12] R.U.D.Y. (R-U-Dead-Yet): DDoS Attack Glossary [Online]. Available: https://www.incapsula.com/ddos/attack-glossary/rudy-r-u-dead-yet.html [Access: 10.04.2017]
[13] Understanding the Apache 2 MPM (worker vs prefork) [Online]. Available: https://www.garron.me/en/blog/apache2-mpm-worker-prefork-php.html [Access: 06.04.2017]
[14] K. Geetha: SYN flooding attack — “Identification and analysis”, Information Communication and Embedded Systems (ICICES), 2014 International Conference on, 2014.
[15] N. Shipilov, K. Borisenko, A. Shorov: “Simulation of DDoS-attacks and protection mechanisms against them”, Young Researchers in Electrical and Electronic Engineering Conference 2015 IEEE NW Russia, 2015.
[16] J. Brynielsson: “Detectability of low-rate HTTP server DoS attacks using spectral analysis”, International Conference on Advances in Social Networks Analysis and Mining, 2015.
About this Article
TITLE:
Assessment of the vulnerability of the Apache server to DDoS attaks
AUTHORS:
Mariusz NYCZ (1)
Tomasz SZELIGA (2)
Piotr HAJDER (3)
AUTHORS AFFILIATIONS:
(1) .Politechnika Rzeszowska, Zakład Systemów Złożonyc
(2) Politechnika Rzeszowska, Zakład Systemów Złożonych
(3) Akademia Górniczo-Hutnicza w Krakowie
JOURNAL:
Elektrotechnika
36 (1/2017)
KEY WORDS AND PHRASES:
DDoS Attack; security; the Apache; web server
FULL TEXT:
http://doi.prz.edu.pl/pl/pdf/elektrotechnika/88
DOI:
10.7862/re.2017.6
URL:
http://dx.doi.org/10.7862/re.2017.6
RECEIVED:
2017-05-29
COPYRIGHT:
Publishing House of Rzeszow University of Technology Powstańców Warszawy 12, 35-959 Rzeszow