Intrusion Detection in Computer Networks using Decision Tree and Feature Reduction

Document Type : Original Article

Author

Assistant Professor, Department of Computer Science, Golestan University, Gorgan, Iran

Abstract

Today, the need for anomaly-based intrusion detection systems is felt more than ever due to the emergence of new attacks and the increase in Internet speed. The main criterion for determining the validity of an efficient intrusion detection system is the detection of attacks with high accuracy. Existing systems are unable to manage the growing number of attacks, and they also have high false-positive and false-negative rates. This paper uses the ID3 decision tree algorithm for anomaly-based intrusion detection. Two feature selection methods are also used to reduce the amount of data used for detection and categorization. The KDD Cup99 dataset was used to evaluate the proposed algorithm. The test results show a detection accuracy of 99.89% for the DoS attack and an average accuracy of 94.65% for all attacks using the decision tree, indicating better values than previous work.

Volume 9, Issue 3 - Serial Number 35
Serial No. 35, Autumn Quarterly
December 2021
Pages 99-108
  • Receive Date: 25 November 2020
  • Revise Date: 13 March 2021
  • Accept Date: 10 April 2021
  • Publish Date: 22 November 2021