Method of slow-attack detection

The analysis of realization low-intensity HTTP-attacks was performed. Were described scenarios of Slowloris, Slow POST and Slow READ attack. Features of this type of attacks in comparison with low-level attacks such as "denial of service" were selected: they do not require a large number of resources from the attacking machine, and they are difficult for the detection, since their parameters are similar to legitimate traffic. For each type of attacks the characteristic features were highlighted. Parameters of http-request, which assume the detection of this type attacks high-lighted. The analysis of mathematical tools of building the models for the systems for these types of attacks detection on the basis of the obtained parameters was performed.