HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks

David Beckett, Sakir Sezer

Research output: Contribution to conferencePaperpeer-review

6 Citations (Scopus)
679 Downloads (Pure)

Abstract

Distributed Denial of Service (DDoS) attack sare a frequent cyber attack vector which cause significant damage to computer systems. Hypertext Transfer Protocol(HTTP), which is the core communication protocol of the internet, has had a major upgrade and is released as RFC 7540. This latest version, HTTP/2, has begun tobe deployed in live systems before comprehensive security studies have been carried out on its risk from DDoS. In this piece of research we explore using experimental methodology, the DDoS risk posed by the upgraded functionality of the HTTP/2 protocol, in particular its risk from a flood attack. Our results show that a website implementing HTTP/2, scales up the flood attack magnitude, increasing the risk from DDoS.
Original languageEnglish
DOIs
Publication statusPublished - 02 Nov 2017
Event2017 Seventh International Conference on Emerging Security Technologies (EST) -
Duration: 06 Sep 201708 Sep 2017

Conference

Conference2017 Seventh International Conference on Emerging Security Technologies (EST)
Period06/09/201708/09/2017

Fingerprint

Dive into the research topics of 'HTTP/2 Cannon: Experimental analysis on HTTP/1 and HTTP/2 Request Flood DDoS Attacks'. Together they form a unique fingerprint.

Cite this