CIC DoS dataset (01/01/2017 to 01/01/2017)

In this study the focus was on the universal type of application DoS slow-rate attacks that are often seen in two variations: slow send and slow read. The lack of data with application layer DoS attacks prompted us to create an evaluation dataset. We have set up a testbed environment with a victim webserver running Apache Linux v.2.2.22, PHP5 and Drupal v.7 as a content management system. The attacks were selected to represent the most common types of application layer DoS. We assume that an attacker is non-oblivious, i.e., he understands the attack, knows exactly when and how much traffic to send to maximize the attack damage. Since the main premise of low-volume DoS attacks is their ability to impact a service without significant resources on an attacker side, the attacks were generated with just enough traffic to impact the targeted service, i.e, the attacks were stopped once a server became unresponsive. As a result we noticed that to be successful it was sufficient for these attacks to produce small amounts of traffic during short periods of time. ; cic@unb.ca