{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T19:10:17Z","timestamp":1773774617409,"version":"3.50.1"},"reference-count":45,"publisher":"MDPI AG","issue":"16","license":[{"start":{"date-parts":[[2021,8,13]],"date-time":"2021-08-13T00:00:00Z","timestamp":1628812800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100014809","name":"Technology Agency of the Czech Republic","doi-asserted-by":"publisher","award":["FW01010474"],"award-info":[{"award-number":["FW01010474"]}],"id":[{"id":"10.13039\/100014809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>In today\u2019s world, the volume of cyber attacks grows every year. These attacks can cause many people or companies high financial losses or loss of private data. One of the most common types of attack on the Internet is a DoS (denial-of-service) attack, which, despite its simplicity, can cause catastrophic consequences. A slow DoS attack attempts to make the Internet service unavailable to users. Due to the small data flows, these attacks are very similar to legitimate users with a slow Internet connection. Accurate detection of these attacks is one of the biggest challenges in cybersecurity. In this paper, we implemented our proposal of eleven major and most dangerous slow DoS attacks and introduced an advanced attack generator for testing vulnerabilities of protocols, servers, and services. The main motivation for this research was the absence of a similarly comprehensive generator for testing slow DoS vulnerabilities in network systems. We built an experimental environment for testing our generator, and then we performed a security analysis of the five most used web servers. Based on the discovered vulnerabilities, we also discuss preventive and detection techniques to mitigate the attacks. In future research, our generator can be used for testing slow DoS security vulnerabilities and increasing the level of cyber security of various network systems.<\/jats:p>","DOI":"10.3390\/s21165473","type":"journal-article","created":{"date-parts":[[2021,8,13]],"date-time":"2021-08-13T09:22:38Z","timestamp":1628846558000},"page":"5473","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Generator of Slow Denial-of-Service Cyber Attacks"],"prefix":"10.3390","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2896-2303","authenticated-orcid":false,"given":"Marek","family":"Sikora","sequence":"first","affiliation":[{"name":"Department of Telecommunications, Faculty of Electrical Engineering and Communications, Brno University of Technology, Technicka 12, 616 00 Brno, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8319-0633","authenticated-orcid":false,"given":"Radek","family":"Fujdiak","sequence":"additional","affiliation":[{"name":"Department of Telecommunications, Faculty of Electrical Engineering and Communications, Brno University of Technology, Technicka 12, 616 00 Brno, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5972-9037","authenticated-orcid":false,"given":"Karel","family":"Kuchar","sequence":"additional","affiliation":[{"name":"Department of Telecommunications, Faculty of Electrical Engineering and Communications, Brno University of Technology, Technicka 12, 616 00 Brno, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5584-2948","authenticated-orcid":false,"given":"Eva","family":"Holasova","sequence":"additional","affiliation":[{"name":"Department of Telecommunications, Faculty of Electrical Engineering and Communications, Brno University of Technology, Technicka 12, 616 00 Brno, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5023-7757","authenticated-orcid":false,"given":"Jiri","family":"Misurec","sequence":"additional","affiliation":[{"name":"Department of Telecommunications, Faculty of Electrical Engineering and Communications, Brno University of Technology, Technicka 12, 616 00 Brno, Czech Republic"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2021,8,13]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"1550147717741463","DOI":"10.1177\/1550147717741463","article-title":"A survey of distributed denial-of-service attack, prevention, and mitigation techniques","volume":"13","author":"Mahjabin","year":"2017","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Cambiaso, E., Papaleo, G., and Aiello, M. (2012). Taxonomy of Slow DoS Attacks to Web Applications. Recent Trends in Computer Networks and Distributed Systems Security, Springer.","DOI":"10.1007\/978-3-642-34135-9_20"},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1504\/IJTMCC.2013.056440","article-title":"Slow DoS attacks","volume":"1","author":"Cambiaso","year":"2013","journal-title":"Int. J. Trust Manag. Comput. Commun."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3448291","article-title":"Application Layer Denial-of-Service Attacks and Defense Mechanisms: A Survey","volume":"54","author":"Tripathi","year":"2021","journal-title":"ACM Comput. Surv."},{"key":"ref_5","unstructured":"Shekyan, S. (2021, August 12). Are You Ready for Slow Reading? Qualis 2012. Available online: https:\/\/blog.qualys.com\/vulnerabilities-threat-research\/2012\/01\/05\/slow-read."},{"key":"ref_6","unstructured":"Cline, K.R., Kustarz, C., Hand, C.R., and Huston, L.B. (2014). Method and Protection System for Mitigating Slow HTTP Attacks Using Rate and Time Monitoring. (8,856,913), U.S. Patent."},{"key":"ref_7","unstructured":"Shekyan, S. (2021, August 12). How to Protect Against Slow HTTP Attacks?. Available online: https:\/\/blog.qualys.com\/vulnerabilities-threat-research\/2011\/11\/02\/how-to-protect-against-slow-http-attacks."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Sikora, M., Gerlich, T., and Malina, L. (2019, January 28\u201330). On Detection and Mitigation of Slow Rate Denial of Service Attacks. Proceedings of the 2019 11th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), Dublin, Ireland.","DOI":"10.1109\/ICUMT48472.2019.8970844"},{"key":"ref_9","first-page":"23","article-title":"Slowcomm: Design, development and performance evaluation of a new slow DoS attack","volume":"35","author":"Cambiaso","year":"2017","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Cambiaso, E., Papaleo, G., Aiello, M., and Chiola, G. (2015). Designing and Modeling the Slow Next DoS Attack. International Joint Conference, Springer.","DOI":"10.1007\/978-3-319-19713-5_22"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Cambiaso, E., Aiello, M., Mongelli, M., and Vaccari, I. (2020). Detection and Classification of Slow DoS Attacks Targeting Network Servers. Proceedings of the 15th International Conference on Availability, Reliability and Security (ARES\u201920), Association for Computing Machinery.","DOI":"10.1145\/3407023.3409198"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Aiello, M., Cambiaso, E., Mongelli, M., and Papaleo, G. (2014, January 13\u201316). An On-Line Intrusion Detection Approach to Identify Low-Rate DoS Attacks. Proceedings of the 2014 International Carnahan Conference on Security Technology (ICCST), Rome, Italy.","DOI":"10.1109\/CCST.2014.6987039"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Phan, T.V., Gias, T.M.R., Islam, S.T., Huong, T.T., Thanh, N.H., and Bauschert, T. (2019, January 9\u201313). Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework. Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9013585"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"688","DOI":"10.1109\/LCOMM.2017.2766636","article-title":"SDN-Assisted Slow HTTP DDoS Attack Defense Method","volume":"22","author":"Hong","year":"2017","journal-title":"IEEE Commun. Lett."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"240","DOI":"10.1504\/IJAHUC.2020.106666","article-title":"A novel deep learning model for detection of denial of service attacks in HTTP traffic over internet","volume":"33","author":"Punitha","year":"2020","journal-title":"Int. J. Ad Hoc Ubiquitous Comput."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1016\/j.comnet.2019.01.007","article-title":"Introducing the SlowDrop Attack","volume":"150","author":"Cambiaso","year":"2019","journal-title":"Comput. Netw."},{"key":"ref_17","first-page":"1","article-title":"Hypertext Transfer Protocol Version 2 (HTTP\/2)","volume":"7540","author":"Belshe","year":"2015","journal-title":"RFC Ed."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Adi, E., Baig, Z., Lam, C., and Hingston, P. (2015, January 24\u201327). Low-Rate Denial-of-Service Attacks against HTTP\/2 Services. Proceedings of the 2015 5th International Conference on IT Convergence and Security (ICITCS), Kuala Lumpur, Malaysia.","DOI":"10.1109\/ICITCS.2015.7292994"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1007\/s10586-015-0528-7","article-title":"Distributed denial-of-service attacks against HTTP\/2 services","volume":"19","author":"Adi","year":"2016","journal-title":"Clust. Comput."},{"key":"ref_20","unstructured":"(2021, August 12). HTTP\/2: In-depth Analysis of the Top Four Flaws of the Next Generation Web Protocol. IMPERVA: Hacker Intelligent Initiative, Available online: https:\/\/www.imperva.com\/docs\/Imperva_HII_HTTP2.pdf."},{"key":"ref_21","unstructured":"Winkel, S. (2021, August 12). Network Forensics and HTTP\/2. Available online: https:\/\/www.sans.org\/white-papers\/36647\/."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/j.cose.2017.09.009","article-title":"Slow Rate Denial of Service Attacks Against HTTP\/2 and Detection","volume":"72","author":"Tripathi","year":"2017","journal-title":"Comput. Secur."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.jnca.2017.04.015","article-title":"Stealthy Denial of Service (DoS) Attack Modelling and Detection for HTTP\/2 Services","volume":"91","author":"Adi","year":"2017","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Ling, X., Wu, C., Ji, S., and Han, M. (2018). H2DoS: An Application-Layer DoS Attack Towards HTTP\/2 Protocol. Security and Privacy in Communication Networks, Springer International Publishing.","DOI":"10.1007\/978-3-319-78813-5_28"},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"1790","DOI":"10.1109\/TIFS.2019.2950121","article-title":"Multiplexed Asymmetric Attacks: Next-Generation DDoS on HTTP\/2 Servers","volume":"15","author":"Praseed","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Patni, P., Iyer, K., Sarode, R., Mali, A., and Nimkar, A. (2017, January 23\u201324). Man-in-the-middle attack in HTTP\/2. Proceedings of the 2017 International Conference on Intelligent Computing and Control (I2C2), Coimbatore, India.","DOI":"10.1109\/I2C2.2017.8321787"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Vaccari, I., Aiello, M., and Cambiaso, E. (2020). SlowITe, a Novel Denial of Service Attack Affecting MQTT. Sensors, 20.","DOI":"10.3390\/s20102932"},{"key":"ref_28","first-page":"383","article-title":"Characterization and Comparison of DDoS Attack Tools and Traffic Generators\u2014A Review","volume":"19","author":"Behal","year":"2017","journal-title":"Int. J. Netw. Secur."},{"key":"ref_29","unstructured":"Shekyan, S. (2020, August 12). Slowhttptest. Available online: https:\/\/github.com\/shekyan\/slowhttptest."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Cika, P., and Clupek, V. (2019, January 17\u201320). Stress Tester and Network Emulator in Apache JMeter. Proceedings of the 2019 Photonics & Electromagnetics Research Symposium\u2013Spring (PIERS-Spring), Rome, Italy.","DOI":"10.1109\/PIERS-Spring46901.2019.9017650"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Sikora, M., Krivulcik, A., Fujdiak, R., and Blazek, P. (2020, January 5\u20137). Design of Advanced Slow Denial of Service Attack Generator. Proceedings of the 2020 12th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), Brno, Czech Republic.","DOI":"10.1109\/ICUMT51630.2020.9222423"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Schuba, C.L., Krsul, I.V., Kuhn, M.G., Spafford, E.H., Sundaram, A., and Zamboni, D. (1997, January 4\u20137). Analysis of a denial of service attack on TCP. Proceedings of the 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097), Oakland, CA, USA.","DOI":"10.1109\/SECPRI.1997.601338"},{"key":"ref_33","first-page":"127","article-title":"A Review of Defense Against Slow HTTP Attack","volume":"1","author":"Suroto","year":"2017","journal-title":"JOIV Int. J. Inform. Vis."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Dantas, Y.G., Nigam, V., and Fonseca, I.E. (2014, January 24\u201326). A Selective Defense for Application Layer DDoS Attacks. Proceedings of the 2014 IEEE Joint Intelligence and Security Informatics Conference, The Hague, The Netherlands.","DOI":"10.1109\/JISIC.2014.21"},{"key":"ref_35","unstructured":"Park, J., Iwai, K., Tanaka, H., and Kurokawa, T. (2014, January 26\u201329). Analysis of Slow Read DoS attack. Proceedings of the 2014 International Symposium on Information Theory and Its Applications, Victoria, BC, Canada."},{"key":"ref_36","unstructured":"Pollard, B. (2019). HTTP\/2 in Action, Manning."},{"key":"ref_37","unstructured":"Karimi, K., Ahmadi, A., Ahmadi, M., and Bahrambeigy, B. (2013, January 25). Acceleration of IPTABLES Linux Packet Filtering Using GPGPU. Proceedings of the 2013 Symposium on Computer Science and Software Engineering (CSSE), Tehra, Iran."},{"key":"ref_38","unstructured":"Shekyan, S. (2021, July 20). SlowHTTPTest Package Description. Available online: https:\/\/tools.kali.org\/stress-testing\/slowhttptest."},{"key":"ref_39","unstructured":"Geniar, M. (2021, July 22). Slowloris. Available online: https:\/\/github.com\/mattiasgeniar\/slowloris."},{"key":"ref_40","unstructured":"Gilbert, C. (2021, July 22). PyLoris. Available online: https:\/\/motoma.io\/pyloris\/."},{"key":"ref_41","unstructured":"Chaddha, S. (2021, July 22). Rudyjs. Available online: https:\/\/github.com\/sahilchaddha\/rudyjs."},{"key":"ref_42","unstructured":"(2021, March 31). Usage Statistics of Apache Version 2.4. W3Techs, Available online: https:\/\/w3techs.com\/technologies\/details\/ws-apache\/2.4."},{"key":"ref_43","unstructured":"Kneschke, J. (2021, March 30). Lighttpd 1.4.56. Available online: https:\/\/www.lighttpd.net\/2020\/11\/29\/1.4.56\/."},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Faria, V.S., Gon\u00e7alves, J.A., Silva, C.A.M., Vieira, G.B., and Mascarenhas, D.M. (2020). SDToW: A Slowloris Detecting Tool for WMNs. Information, 11.","DOI":"10.3390\/info11120544"},{"key":"ref_45","unstructured":"Maurice, C., Bilge, L., Stringhini, G., and Neves, N. (2020). Web Runner 2049: Evaluating Third-Party Anti-bot Services. Detection of Intrusions and Malware, and Vulnerability Assessment, Springer International Publishing."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/16\/5473\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T06:45:39Z","timestamp":1760165139000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/21\/16\/5473"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,13]]},"references-count":45,"journal-issue":{"issue":"16","published-online":{"date-parts":[[2021,8]]}},"alternative-id":["s21165473"],"URL":"https:\/\/doi.org\/10.3390\/s21165473","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,8,13]]}}}