Similar terms can be found in literature, such as: Particularly, in order to reduce bandwidth, a slow DoS attack often acts at the application layer of the ISO/OSI stack (e.g. in case of timeout exploiting threats[4]), although this is not a requirement.
[5] Such layer is however easier to exploit in order to successfully attack a victim even by sending it a few bytes of malicious requests.
The purpose of a slow DoS attack is (often, but not always[4]) to cause unavailability of a network service, by seizing all the connections the daemon is able to concurrently manage, at the application layer.
Under such conditions, any new incoming connection, even from potentially legitimate clients, will not be accepted by the daemon, hence leading to a denial of service.
In order to keep connections alive, reducing at the same time the attack bandwidth, considering a single connection, data are sent to the target service only at specific times, by exploiting the so-called Wait Timeout parameter,[1] scheduling a periodic data sending activity (at the application layer): once the timeout expires, a specific payload (depending on the attack type and the approach used by the malicious user) is sent to the targeted daemon.