<![CDATA[The increasing frequency of cyberattacks, particularly Denial of Service (DoS) attacks, poses significant challenges to the availability of online services. Multi-target DoS attacks exacerbate this issue by simultaneously targeting multiple systems, requiring robust and automated mitigation strategies. This study evaluates the effectiveness of Wazuh Active Response, an open-source Security Information and Event Management (SIEM) solution, in mitigating multi-target DoS attacks using the Slowloris technique. The methodology involved simulating multi-target DoS attacks using `slowhttptest` against multiple target servers and configuring Wazuh Active Response to automatically block malicious IP addresses upon detection. Key metrics measured included Success Rate, Response Time Detection, and Response Time Blocking. The results showed a Success Rate of 100% with Active Response enabled, an average Response Time Detection of 10.36 seconds, and an average Response Time Blocking of 50.36 seconds. This study confirms that Wazuh Active Response effectively mitigates multi-target DoS attacks, ensuring a high success rate in blocking malicious IP addresses and demonstrating the potential of automated threat detection and response mechanisms in enhancing network security against complex attack scenarios.]]>
Copyrights © 2025
