A P4-based content-aware approach to mitigate slow HTTP POST attacks.

A slow HTTP POST attack is an application-layer distributed denial-of-service attack targeting web servers. The attacker simulates a legitimate user with a slow network speed and continues to send requests, resulting in server resources being unavailable for a long time to other users. The similarity to legitimate behavior makes it challenging to identify such attack traffic. To address this issue, this paper proposes a responsive defense mechanism that exploits programmable network devices to identify attack traffic based on HTTP headers. With information that is not available from legacy network devices, this method can identify different types of requests and apply limitations. This approach achieves a distributed, source-based defense capability by utilizing data plane programmability, making it a scalable solution. The simulation results show that the approach is effective and accurate against slow HTTP POST attacks.