Abstract—This paper proposes a new method to detect Cookie Bomb attacks. A Cookie Bomb attack is a denial-of-service attack such that a user cannot receive a legitimate Hypertext Transfer Protocol (HTTP) response from an HTTP server because the total amount of cookies in an HTTP request exceeds the size limit accepted by the HTTP server. The new method includes our cloud architecture and detection algorithms. The cloud architecture distributes and executes a detection script, which is an implementation of the detection algorithms. This architecture uses Azure Virtual Machines, Azure Storage, Azure Automation, Azure Monitor, and Microsoft Sentinel. The virtual machines are the core components of the architecture, to which end users can connect via RDP to use their browsers. The detection script performs three tasks: obtaining paths to cookies databases generated by browsers, retrieving cookies data from a database, and comparing a threshold with the total size of all cookies a browser sends to a server. Results indicate that our proposed method 1) enables scheduled automation, 2) provides better visibility across regions, and 3)expands detection coverage for different Windows users,browsers, and browser profiles.
 
Keywords—cybersecurity, cookie bomb attack, cloud computing, security information and event management


Copyright © 2023 by the authors. This is an open access article distributed under the Creative Commons Attribution License (CC BY-NC-ND 4.0), which permits use, distribution and reproduction in any medium, provided that the article is properly cited, the use is non-commercial and no modifications or adaptations are made.