Streamlining HTTP Flooding Attack Detection through Incremental Feature Selection

TL;DR

This paper proposes an incremental feature selection method based on mutual information and correlation to improve the detection of HTTP flooding attacks in web applications, enabling near-real-time identification.

Contribution

It introduces INFS-MICC, a novel incremental feature subset selection technique that enhances HTTP flooding attack detection accuracy and efficiency.

Findings

Effective detection of HTTP flooding attacks in near-real time

Improved classification performance with selected feature subset

Reduction in computational complexity for attack detection

Abstract

Applications over the Web primarily rely on the HTTP protocol to transmit web pages to and from systems. There are a variety of application layer protocols, but among all, HTTP is the most targeted because of its versatility and ease of integration with online services. The attackers leverage the fact that by default no detection system blocks any HTTP traffic. Thus, by exploiting such characteristics of the protocol, attacks are launched against web applications. HTTP flooding attacks are one such attack in the application layer of the OSI model. In this paper, a method for the detection of such an attack is proposed. The heart of the detection method is an incremental feature subset selection method based on mutual information and correlation. INFS-MICC helps in identifying a subset of highly relevant and independent feature subset so as to detect HTTP Flooding attacks with best possible classification performance in near-real time.