Login
Login

Slowdroid

{{Short description|Experimental denial of service attack}}

{{Multiple issues|

{{primary sources|date=July 2015}}

{{third-party|date=July 2015}}

}}

{{Infobox software

| name = SlowDroid

| logo = SlowDroid_app_icon.png

| screenshot = SlowDroid_main_screen.png

| caption =

| collapsible =

| author = Enrico Cambiaso, Maurizio Aiello

| developer = Enrico Cambiaso

| released = 2013

| latest release version =

| latest release date =

| latest preview version = 0.87.5

| latest preview date =

| programming language = Java

| operating system = Android

| platform =

| size = 128 kb

| status =

| genre =

| license = Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported

| website = {{URL|1=https://www.ieiit.cnr.it/expertise/network-security}}

}}

SlowDroid is the firstAlturki, A. A. U. M. A., Vivek, T. B. K. M. K., & Talcott, N. A. S. C. (2019). Resource-Bounded Intruders in Denial of Service Attacks. denial of service attack which allows a single mobile device to take down a network server requiring minimal bandwidth.{{cite book|last1=Cambiaso|first1=Enrico|last2=Papaleo|first2=Gianluca|last3=Aiello|first3=Maurizio|title=2014 International Conference on Future Internet of Things and Cloud |chapter=SlowDroid: Turning a Smartphone into a Mobile Attack Vector |date=2014|pages=405–410|doi=10.1109/FiCloud.2014.72|isbn=978-1-4799-4357-9|s2cid=14792419|chapter-url=https://zenodo.org/record/896552}}Hirakawa, T., & Takata, T. (2020, August). The Trade-Off Between the False-Positive Ratio and the Attack Cost of Slow HTTP DoS. In International Conference on Network-Based Information Systems (pp. 225-237). Springer, Cham.

The attack has been created for research purposes by Enrico Cambiaso and Maurizio Aiello for the IEIIT Institute{{cite web|url=http://www.ieiit.cnr.it|website=CNR-IEIIT|title=IEIIT}} of the National Research Council of Italy and released as an Android application.

SlowDroid behavior{{Cite web|title=Details of selected DDoS attacks|url=https://1vijz13l53qx3gxkg21xmwmw-wpengine.netdna-ssl.com/wp-content/uploads/DDoS-Attack-Details.pdf|access-date=2021-11-18|archive-date=2021-11-18|archive-url=https://web.archive.org/web/20211118085831/https://1vijz13l53qx3gxkg21xmwmw-wpengine.netdna-ssl.com/wp-content/uploads/DDoS-Attack-Details.pdf|url-status=dead}} is similar to other Slow DoS Attacks{{cite journal|last1=Cambiaso|first1=Enrico|last2=Papaleo|first2=Gianluca|last3=Chiola|first3=Giovanni|last4=Aiello|first4=Maurizio|title=Slow DoS attacks: definition and categorisation|journal=International Journal of Trust Management in Computing and Communications|date=2013|volume=1|issue=3/4|pages=300–319|doi=10.1504/IJTMCC.2013.056440|hdl=11567/571723 |hdl-access=free}} such as Slowloris, since it creates many connections with the victim in order to saturate the resources of the listening daemon application.

One difference is on sent payload, which in case of SlowDroid is not compliant to a specific protocol: instead of sending a forged HTTP request, an endless sequence of spaces is sent instead. This characteristic makes SlowDroid able to target different protocols with the same payload.

Another difference is on sending: during the data sending phase, instead of sending a sequence of characters as Slowloris does, SlowDroid sends a single character, hence reducing the bandwidth amounts.

Finally, the main difference is on implementation: SlowDroid has been implemented to be executed on the Android mobile operating system platform.

SlowDroid was initially published on the Google Play Store. Due to developers terms of service, the application has been removed by the store.

SlowDroid can also be used as a botnet{{Cite web|title=Integration results of SHIELD HW/SW modules|url=https://ec.europa.eu/research/participants/documents/downloadPublic?documentIds=080166e5b82a6900&appId=PPGMS|access-date=2021-11-18|website=ec.europa.eu}} and it was used also by the Anonymous group of hacktivists.

SlowDroid was mentioned in an official European Commission document and it was presented in scientific conferences.{{Cite web|title=EECS 600 (Internet Security)|url=https://brennan.io/notes/eecs600.html|access-date=2021-11-18|website=brennan.io}}

See also

References

{{Reflist}}

Category:Denial-of-service attacks

Category:Android (operating system) software