Open Access Open Access  Restricted Access Subscription Access

Decision Tree Based Algorithm for Intrusion Detection


Affiliations
1 Department of Computer Science and Applications, Panjab University, Chandigarh, India
2 Computer Center, Panjab University, Chandigarh, India
 

An Intrusion Detection System (IDS) is a defense measure that supervises activities of the computer network and reports the malicious activities to the network administrator. Intruders do many attempts to gain access to the network and try to harm the organization's data. Thus the security is the most important aspect for any type of organization. Due to these reasons, intrusion detection has been an important research issue. An IDS can be broadly classified as Signature based IDS and Anomaly based IDS. In our proposed work, the decision tree algorithm is developed based on C4.5 decision tree approach. Feature selection and split value are important issues for constructing a decision tree. In this paper, the algorithm is designed to address these two issues. The most relevant features are selected using information gain and the split value is selected in such a way that makes the classifier unbiased towards most frequent values. Experimentation is performed on NSL-KDD (Network Security Laboratory Knowledge Discovery and Data Mining) dataset based on number of features. The time taken by the classifier to construct the model and the accuracy achieved is analyzed. It is concluded that the proposed Decision Tree Split (DTS) algorithm can be used for signature based intrusion detection.

Keywords

Decision Tree, Information Gain, Gain Ratio, NSL-KDD, Signature-Based IDS.
User
Notifications
Font Size

Abstract Views: 226

PDF Views: 1




  • Decision Tree Based Algorithm for Intrusion Detection

Abstract Views: 226  |  PDF Views: 1

Authors

Kajal Rai
Department of Computer Science and Applications, Panjab University, Chandigarh, India
M. Syamala Devi
Department of Computer Science and Applications, Panjab University, Chandigarh, India
Ajay Guleria
Computer Center, Panjab University, Chandigarh, India

Abstract


An Intrusion Detection System (IDS) is a defense measure that supervises activities of the computer network and reports the malicious activities to the network administrator. Intruders do many attempts to gain access to the network and try to harm the organization's data. Thus the security is the most important aspect for any type of organization. Due to these reasons, intrusion detection has been an important research issue. An IDS can be broadly classified as Signature based IDS and Anomaly based IDS. In our proposed work, the decision tree algorithm is developed based on C4.5 decision tree approach. Feature selection and split value are important issues for constructing a decision tree. In this paper, the algorithm is designed to address these two issues. The most relevant features are selected using information gain and the split value is selected in such a way that makes the classifier unbiased towards most frequent values. Experimentation is performed on NSL-KDD (Network Security Laboratory Knowledge Discovery and Data Mining) dataset based on number of features. The time taken by the classifier to construct the model and the accuracy achieved is analyzed. It is concluded that the proposed Decision Tree Split (DTS) algorithm can be used for signature based intrusion detection.

Keywords


Decision Tree, Information Gain, Gain Ratio, NSL-KDD, Signature-Based IDS.