Comparative Performance Analysis of IDM and Traditional HTTP Flood Defence

Abstract

The IDM focuses on both secondary, tertiary defense and includes primary and secondary monitoring within a five-phase process to identify defenses against HTTP GET flooding attacks. In the first phase, primary monitoring, incoming traffic is filtered through IP addresses, ports, protocols and packet types, with a monitor queue to provide active supervision and an overflow function to mitigate the load on the system. In the second phase, secondary monitoring with tokenization, Random Forests facilitate feature extraction to improve the detection angle of precision and recall. Tokenization provides the facility to handle time behavior of the requested packets. The overall effectiveness of this multi-layered defense can be derived from the extent monitoring for behavior, along with any external intrusion detection systems (IDS) and firewalls, contribute to any anomaly detection phase. It continuously improves detection accuracy and response times by learning from historical traffic behaviour and adjusting its defence systems. By taking this proactive stance, IDM improves overall system security and performance while lessening the burden on server infrastructure.