The Design and Implementation of HTTP/3 DoS Prevention Technique on QUIC Initial Handshake
Issued Date
2025-01-01
Scopus ID
2-s2.0-105007554448
Journal Title
2025 17th International Conference on Knowledge and Smart Technology Kst 2025
Start Page
370
End Page
375
Rights Holder(s)
SCOPUS
Bibliographic Citation
2025 17th International Conference on Knowledge and Smart Technology Kst 2025 (2025), 370-375
Suggested Citation
Visoottiviseth V., Laosuwanwat P., Rassameeroj I. The Design and Implementation of HTTP/3 DoS Prevention Technique on QUIC Initial Handshake. 2025 17th International Conference on Knowledge and Smart Technology Kst 2025 (2025), 370-375. doi:10.1109/KST65016.2025.11003302 Retrieved from: https://repository.li.mahidol.ac.th/handle/123456789/110697
Abstract
The deployment of HTTP/3 powered by the QUIC protocol represents a significant advancement in web technology. This paper investigates the vulnerabilities inherent in the QUIC protocol, particularly during its initial handshake phase, within the framework of Denial of Service (DoS) attacks that pose a threat to the infrastructure of HTTP/3. In this research, a Proof of Concept (POC) script is developed to emulate SYN Flood-like attacks to unveil the protocol's susceptibility to amplification and reflection attacks. Addressing these vulnerabilities, we also develop a signature for the Suricata Intrusion Detection System (IDS) and evaluate its efficacy in detecting and mitigating the simulated attacks. The experimental results on a victim machine reveal a significant surge in CPU utilization, peaking at 100% during nonprotected states and moderating to 49.95% in protected states. Future research directions include refining these IDS rules and employing machine learning technologies for dynamic threat detection and adaptive rule optimization.
