{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,9]],"date-time":"2025-05-09T16:17:09Z","timestamp":1746807429728,"version":"3.40.5"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319788128"},{"type":"electronic","value":"9783319788135"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-78813-5_28","type":"book-chapter","created":{"date-parts":[[2018,4,10]],"date-time":"2018-04-10T06:03:21Z","timestamp":1523340201000},"page":"550-570","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["H$$_{2}$$DoS: An Application-Layer DoS Attack Towards HTTP\/2 Protocol"],"prefix":"10.1007","author":[{"given":"Xiang","family":"Ling","sequence":"first","affiliation":[]},{"given":"Chunming","family":"Wu","sequence":"additional","affiliation":[]},{"given":"Shouling","family":"Ji","sequence":"additional","affiliation":[]},{"given":"Meng","family":"Han","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,4,11]]},"reference":[{"key":"28_CR1","unstructured":"Mike, B., Roberto, P., Thomson, M: RFC 7540: hypertext transfer protocol version 2 (HTTP\/2). Internet Engineering Task Force (IETF), Google Inc. (2015)"},{"key":"28_CR2","unstructured":"SPDY: An experimental protocol for a faster web. https:\/\/www.chromium.org\/spdy\/spdy-whitepaper"},{"key":"28_CR3","unstructured":"Roberto, P., Ruellan, H.: HPACK: Header Compression for HTTP\/2. No. RFC 7541, Internet Engineering Task Force (2015)"},{"key":"28_CR4","unstructured":"Thai, D., Juliano, R.: The CRIME attack. In: Ekoparty Security Conference (2012)"},{"key":"28_CR5","unstructured":"Radware Emergency Response Team: Global Application & Network Security Report 2016\u20132017 (2016). https:\/\/www.radware.com\/ert-report-2016\/"},{"key":"28_CR6","unstructured":"RSnake, Kinsella, J.: Slowloris HTTP DoS. https:\/\/web.archive.org\/web\/20150426090206\/http:\/\/ha.ckers.org\/slowloris"},{"key":"28_CR7","unstructured":"THC-SSL-DOS. http:\/\/kalilinuxtutorials.com\/thc-ssl-dos\/"},{"key":"28_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-319-30505-9_17","volume-title":"Passive and Active Measurement","author":"M Varvello","year":"2016","unstructured":"Varvello, M., Schomp, K., Naylor, D., Blackburn, J., Finamore, A., Papagiannaki, K.: Is the web HTTP\/2 yet? In: Karagiannis, T., Dimitropoulos, X. (eds.) PAM 2016. LNCS, vol. 9631, pp. 218\u2013232. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30505-9_17"},{"key":"28_CR9","unstructured":"Wang, X.S., Balasubramanian, A., Krishnamurthy, A., Wetherall, D.: How speedy is SPDY? In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI), pp. 387\u2013399. Usenix Association (2014)"},{"key":"28_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-319-05149-9_12","volume-title":"Information Security Applications","author":"C Meyer","year":"2014","unstructured":"Meyer, C., Schwenk, J.: SoK: lessons learned from SSL\/TLS attacks. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 189\u2013209. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-05149-9_12"},{"key":"28_CR11","unstructured":"Alexa Top Sites, September 2016. http:\/\/www.alexa.com\/topsites"},{"key":"28_CR12","doi-asserted-by":"crossref","unstructured":"Friedl, S., Popov, A., Langley, A., Stephan, E.: Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension, No. RFC 7301, IETF (2014)","DOI":"10.17487\/rfc7301"},{"key":"28_CR13","doi-asserted-by":"crossref","unstructured":"Dierks, T.: The Transport Layer Security (TLS) Protocol Version 1.2, No. RFC 5246, IETF (2008)","DOI":"10.17487\/rfc5246"},{"key":"28_CR14","volume-title":"HTTP: The Definitive Guide","author":"G David","year":"2002","unstructured":"David, G., Totty, B.: HTTP: The Definitive Guide. O\u2019Reilly Media, Sebastopol (2002)"},{"key":"28_CR15","unstructured":"Rodola, G.: A cross-platform process and system utilities module for Python. https:\/\/github.com\/giampaolo\/psutil"},{"key":"28_CR16","unstructured":"Fitzpatrick, B.: Http2 in GoDoc. https:\/\/godoc.org\/golang.org\/x\/net\/http2"},{"key":"28_CR17","unstructured":"NGINX Inc: nginx stable version 1.10.0, October 2016. https:\/\/nginx.org\/en\/linux_packages.html#stable"},{"issue":"1","key":"28_CR18","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1109\/TNET.2008.925628","volume":"17","author":"X Yi","year":"2009","unstructured":"Yi, X., Yu, S.-Z.: Monitoring the application-layer DDoS attacks for popular websites. IEEE\/ACM Trans. Netw. (TON) 17(1), 15\u201325 (2009)","journal-title":"IEEE\/ACM Trans. Netw. (TON)"},{"key":"28_CR19","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1109\/TNET.2008.926503","volume":"17","author":"S Ranjan","year":"2009","unstructured":"Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A., Knightly, E.: DDoS-shield: DDoS-resilient scheduling to counter application layer attacks. IEEE\/ACM Trans. Netw. (TON) 17, 26\u201339 (2009)","journal-title":"IEEE\/ACM Trans. Netw. (TON)"},{"key":"28_CR20","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1109\/TIFS.2009.2024719","volume":"4","author":"G Maci-Fernndez","year":"2009","unstructured":"Maci-Fernndez, G., Daz-Verdejo, J.E., Garca-Teodoro, P.: Mathematical model for low-rate DoS attacks against application servers. IEEE Trans. Inf. Forensics Secur. (TIFS) 4, 519\u2013529 (2009)","journal-title":"IEEE Trans. Inf. Forensics Secur. (TIFS)"},{"key":"28_CR21","doi-asserted-by":"crossref","unstructured":"Durcekova, V., Schwartz, L.: Sophisticated denial of service attacks aimed at application layer. In: IELEKTRO, Nahid Shahmehri (2012)","DOI":"10.1109\/ELEKTRO.2012.6225571"},{"key":"28_CR22","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/SURV.2013.031413.00127","volume":"15","author":"ST Zargar","year":"2013","unstructured":"Zargar, S.T., Joshi, J., Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15, 2046\u20132069 (2013)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"28_CR23","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.comnet.2017.03.018","volume":"121","author":"HH Jazi","year":"2017","unstructured":"Jazi, H.H., Gonzalez, H., Stakhanova, N., Ali, A.: Detecting HTTP-based application layer DoS attacks on Web servers in the presence of sampling. Comput. Netw. 121, 25\u201336 (2017)","journal-title":"Comput. Netw."},{"key":"28_CR24","unstructured":"Imperva: HTTP\/2: In-depth analysis of the top four flaws of the next generation web protocol (2016). https:\/\/www.imperva.com\/docs\/Imperva_HII_HTTP2.pdf"},{"key":"28_CR25","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1007\/s10586-015-0528-7","volume":"19","author":"E Adi","year":"2016","unstructured":"Adi, E., Baig, Z.A., Hingston, P., Lam, C.-P.: Distributed denial-of-service attacks against HTTP\/2 services. Clust. Comput. 19, 79\u201386 (2016)","journal-title":"Clust. Comput."},{"key":"28_CR26","unstructured":"Redelmeier, I.: The Security Implications of HTTP\/2.0 (2013). http:\/\/www.cs.tufts.edu\/comp\/116\/archive\/fall2013\/iredelmeier.pdf"},{"key":"28_CR27","unstructured":"Larsen, S., Villamil, J.: Attacking HTTP2 implementations. In: 13th PACific SECurity - Applied Security Conferences and Training in Pacific Asia (PacSec) (2015)"},{"key":"28_CR28","unstructured":"Van Goethem, T., Vanhoef, M.: HEIST: HTTP encrypted information can be Stolen through TCP-windows, Blackhat, USA (2016)"},{"key":"28_CR29","unstructured":"(Kate) Pearce, C., Vincent, C.: HTTP\/2 & QUIC - teaching good protocols to do bad things, Blackhat, USA (2016)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-78813-5_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,14]],"date-time":"2019-10-14T17:55:22Z","timestamp":1571075722000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-78813-5_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319788128","9783319788135"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-78813-5_28","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2018]]}}}