Annotation: The values of the quality characteristic of TCP connections for each type of Slow-http attacks are highlighted. A mathematical model for formalizing the behavior of the web-server when implementing the various types of Slow HTTP-attacks was developed. The relations that enable us to estimate the probability and the transition to the webserver into overload condition, with the current network activity settings were defined. The detection algorithm of Slow-http attack and the classification of its type are developed. The problem of detecting the source of the attack and the development of measures to protect the web-server from overload are solved. Architecture Slow HTTPattacks, allowing to implement the developed algorithm is proposed.