A Slow Hypertext-Transfer-Protocol (HTTP) Denial-of-service (DoS) Attack looks like a genuine user and can block access to genuine users. Over the past few years, several studies have been performed on the defense against Slow HTTP DoS Attacks. However, little attention has been given to a Slow HTTP DoS Attack that resembles a normal DoS Attack. In this paper, the effectiveness of setting the longest session time and the longest packet interval with an appropriate threshold was evaluated by changing each threshold and comparing the results. As a result, we demonstrated the effectiveness of the proposed method. To prevent a Slow HTTP DoS attack completely, it is necessary to not only take measures for typical Slow HTTP DoS attacks but also set a threshold for anomaly detection in consideration of Slow HTTP DoS attacks that resemble a normal DoS attack.
展开▼