
Design And Implementation Of Attack Model And Detection System Based On HTTP/2

Posted on: 2020-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: Y H Zhang
GTID: 2428330572973595
Subject: Computer technology
Abstract/Summary:
With the continuous development of the Internet, the volume of interactive content between users and Web applications keeps growing. The HTTP/1.1 protocol is the most widely used application-layer transport protocol on the Internet today. It was originally designed to transmit text and has significant latency when transferring large volumes of data. The HTTP/2 protocol not only supports all the basic features of the HTTP/1.1 protocol, but also significantly reduces transport latency. Studies have shown that in the vast majority of cases, the transmission performance of the HTTP/2 protocol is significantly better than that of the HTTP/1.1 protocol. However, because the HTTP/2 protocol contains many new features, it also presents many potential security vulnerabilities. This thesis proposes a new attack model for the HTTP/2 protocol and improves the existing detection model to detect the traffic generated by the new attack model. Finally, a Web server monitoring system is designed and implemented based on the improved detection model. The specific results are:

1. A slow denial-of-service attack against the HTTP/2 protocol is proposed. When an attacker makes a connection to the server, the attacker first configures the SETTINGS frame and RST_STREAM frame with specific parameters, and then sends the frames to the server in a specific order to consume server resources. Experiments show that this attack can successfully cause server denial of service. In order to detect the proposed slow denial-of-service attack, this thesis adds features to the existing detection model to improve it. Experiments show that the improved detection model can detect both the original attack traffic and the new attack traffic.

2. A Web server monitoring system is designed and implemented. The system consists of two parts: traffic monitoring and server status monitoring. The traffic monitoring part takes the improved detection model as its core and monitors the data packets received by the server. The server status monitoring part stores the real-time status information of the server in a specified location, which is then read by the Logstash and Prometheus tools and visualized by Grafana. The operation results show that the system can effectively monitor traffic and status information and raise alarms in time.
Keywords/Search Tags:HTTP/2, HTTP/1.1, Slow rate, Denial-of-service, Detection