Slowloris DDoS Defense Mechanism

Objective. The objective of this study is to perform a software analysis of the Slowloris cyberattack and implement a protection mechanism against a Slowloris-type DDoS attack.

Method. PHP was chosen for the development of the software tool, as it has established itself as one of the most popular and widely used languages in web development. The PhpStorm IDE from JetBrains was also selected along with the programming language.

Result. A software mechanism for protection against a Slowloris-type DDoS attack has been developed. The mechanism has several advantages over similar approaches: the software can be used free of charge and is modifiable; it meets modern password strength requirements; it uses the HTTPS protocol for secure connections; it encrypts requests; it hashes user authorization data (login, password) and stores it in a database on the server, etc.

Conclusion. The developed software tool can be used as an embedded protection mechanism for any authorization or registration pages, allowing for the automatic blocking of potentially dangerous connections.

1. Razumov P.V., Safaryan O.A., Cherckesova L.V., et all. “Developing of Algorithm of HTTP Flood DDoS Protection”, IEEE 3rd International Conference on Computer Applications & Information Security, IEEE ICCAIS’20. Saudi Arabia, Er-Riyadh, 2020:1 – 6.

2. Starikov A.A., Lysenko A.V., Klevtsov A.A. “Development and analysis of the performance of the block symmetric encryption algorithm AES using various programming languages”. Young researcher of the Don, 2022; 4 (37): 38 – 41. (In Russ)

3. Dong X., Sun S., Shi D. Quantum Collision Attacks on AES-like Hashing with Low Quantum Random Access Memories, Advances in Cryptology ASIACRYPT-2020, South Korea, Daejeon, Springer International Publishing, Vol. 12492, Pp.727-757 doi: 10.1007/978-3-030-64834-3

4. Al-Odat Z., Abbas A., Khan S. Randomness Analyses of the Secure Hash Algorithms, SHA-1, SHA-2 and modified SHA, 2019 International Conference on Frontiers of Information Technology (FIT), 2019: 31603165. doi: 10.1109/FIT47737.2019.00066

5. Karthiga S. Velmurugan T. Security based Approach of SHA-384 AND SHA-512 Algorithms in Cloud Environment, Journal of Computer Science, 2019;16(10):1439-1450. doi: 10.3844/jcssp.2020.1439.1450

6. Razumov P., Lyashenko K., Cherckesova L., Revyakina E., etc. Development of a System for Protecting against DDoS Attacks at the Level of the OSI Model – HTTP Flood / TransSiberia 2023, E3S Conferences 402, 03008 (2023), Pp 1 – 9, https://doi.org/10.1051/e3sconf/202340203008.

7. Alzahrani, S. and Hong, L. Generation of DDoS Attack Dataset for Effective IDS Development and Evaluation. Journal of Information Security 2018;9:225-241 DOI: 10.4236/jis.2018.94016