A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset. Issue 125 (February 2023)
- Record Type:
- Journal Article
- Title:
- A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset. Issue 125 (February 2023)
- Main Title:
- A hands-on gaze on HTTP/3 security through the lens of HTTP/2 and a public dataset
- Authors:
- Chatzoglou, Efstratios
Kouliaridis, Vasileios
Kambourakis, Georgios
Karopoulos, Georgios
Gritzalis, Stefanos
- Abstract:
- Abstract: Following QUIC protocol ratification on May 2021, the third major version of the Hypertext Transfer Protocol, namely HTTP/3, was published around one year later in RFC 9114. In light of these consequential advancements, the current work aspires to provide a full-blown coverage of the following issues, which to our knowledge have received feeble or no attention in the literature so far. First, we provide a complete review of attacks against HTTP/2, and elaborate on if and in which way they can be migrated to HTTP/3. Second, through the creation of a testbed comprising the at present six most popular HTTP/3-enabled servers, we examine the effectiveness of a quartet of attacks, either stemming directly from the HTTP/2 relevant literature or being entirely new. This scrutiny led to the assignment of at least one CVE ID with a critical base score by MITRE. No less important, by capitalizing on a realistic, abundant in devices testbed, we compiled a voluminous, labeled corpus containing traces of ten diverse attacks against HTTP and QUIC services. An initial evaluation of the dataset mainly by means of machine learning techniques is included as well. Given that the 30 GB dataset is made available in both pcap and CSV formats, forthcoming research can easily take advantage of any subset of features, contingent upon the specific network topology and configuration.
- Is Part Of:
- Computers & security. Issue 125(2023)
- Journal:
- Computers & security
- Issue:
- Issue 125(2023)
- Issue Display:
- Volume 125, Issue 125 (2023)
- Year:
- 2023
- Volume:
- 125
- Issue:
- 125
- Issue Sort Value:
- 2023-0125-0125-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-02
- Subjects:
- HTTP/2 -- HTTP/3 -- QUIC -- IDS -- Machine Learning -- Anomaly Detection -- Vulnerabilities -- DDoS -- Attack -- Dataset
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2022.103051
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 26775.xml