Advertisement

Cluster Computing

, Volume 22, Supplement 5, pp 10549–10565 | Cite as

An enhanced J48 classification algorithm for the anomaly intrusion detection systems

  • Shadi AljawarnehEmail author
  • Muneer Bani Yassein
  • Mohammed Aljundi
Article

Abstract

In this paper, we have developed an enhanced J48 algorithm, which uses the J48 algorithm for improving the detection accuracy and the performance of the novel IDS technique. This enhanced J48 algorithm is seen to help in an effective detection of probable attacks which could jeopardise the network confidentiality. For this purpose, the researchers used many datasets by integrating different approaches like the J48, Naive Bayes, Random Tree and the NB-Tree. An NSL KDD intrusion dataset was applied while carrying out all experiments. This dataset was divided into 2 datasets, i.e., training and testing, which was based on the data processing. Thereafter, a feature selection method based on the WEKA application was used for evaluating the efficacy of all the features. The results obtained suggest that this algorithm showed a better, accurate and more efficient performance without using the above-mentioned features when compared to the feature selection procedure. An implementation of this algorithm guaranteed the dataset classification based on a detection accuracy of 99.88% for all the features when using the 10-fold cross-validation test, a 90.01% accuracy for the supplied test set after using the complete test datasets along with all the features and a 76.23% accuracy for supplying the test set after using the test-21 dataset along with all features.

Keywords

J48 IDS Feature selection Fold cross-validation Weka NSL_KDD 

References

  1. 1.
    Agrawal, S., Agrawal, J.: Survey on anomaly detection using data mining techniques. Procedia Comput. Sci. 60, 708–713 (2015)CrossRefGoogle Scholar
  2. 2.
    Sheta, A.F., Alamleh, A.: A Professional Comparison of C4.5, MLP, SVM for Network Intrusion Detection Based Feature Selection Analysis (2015)Google Scholar
  3. 3.
    Onik, A.R., Haq, N.F., Alam, L., Mamun, T.I.: An analytical comparison on filter feature extraction method in data mining using J48 classifier. Int. J. Comput. Appl. 124(13) (2015)Google Scholar
  4. 4.
    Kumar, G.R., Nimmala, M., Narasimha, G.: An approach for intrusion detection using novel Gaussian based kernel function. J. Univers. Comput. Sci. 22(4), 589–604 (2016)MathSciNetGoogle Scholar
  5. 5.
    Witten, I.H., Frank, E., Hall, M.A., Pal, C.J.: Data Mining: Practical Machine Learning Tools and Techniques. Morgan Kaufmann (2016)Google Scholar
  6. 6.
    Panda, M., Patra, M.R.: Network intrusion detection using Naïve bayes. Int. J. Comput. Sci. Netw. Secur. 7(12), 258–263 (2007)Google Scholar
  7. 7.
    Weiming, H., Wei, H., Maybank, S.: AdaBoost-based algorithm for network intrusion detection. IEEE Trans. Syst. Man Cybern. B Cybern. 38, 577–583 (2008)CrossRefGoogle Scholar
  8. 8.
    Kosamkar, V.: Improved Intrusion detection system using C4.5 decision tree and support vector machine. Doctoral dissertation, Mumbai University (2013)Google Scholar
  9. 9.
    Li, W., Yi, P., Wu, Y., Pan, L., Li, J.: A new intrusion detection system based on KNN classification algorithm in wireless sensor network. J. Electr. Comput. Eng. 1–7 (2014). doi: 10.1155/2014/240217
  10. 10.
    Ahmed, M., Mahmood, A.N., Hu, J.: A survey of network anomaly detection techniques. J. Netw. Comput. Appl. 60, 19–31 (2016)CrossRefGoogle Scholar
  11. 11.
    Pathan, A.S.K. (ed.).: The State of the Art in Intrusion Prevention and Detection. CRC Press (2014)Google Scholar
  12. 12.
    Ashfaq, R.A.R., Wang, X.Z., Huang, J.Z., Abbas, H., He, Y.L.: Fuzziness based semi-supervised learning approach for intrusion detection system. Inf. Sci. 378, 484–497 (2017)CrossRefGoogle Scholar
  13. 13.
    Breiman, L., Friedman, J., Stone C., Olshen, R.: Classification and Regression Trees. The Wadsworth and Brooks-Cole Statistics-Probability Series. Taylor and Francis (1984)Google Scholar
  14. 14.
    Quinlan, J.R.: C4. 5: Programs for Machine Learning. Elsevier (2014)Google Scholar
  15. 15.
    Han, J., Kamber, M., Pei, J.: Data Mining: Concepts and Techniques, 3rd edn. Morgan Kaufmann Publishers Inc., San Francisco (2012)zbMATHGoogle Scholar
  16. 16.
    Ooi, S.Y., Leong, Y.M., Lim, M.F., Tiew, H.K., Pang, Y.H.: Network intrusion data analysis via consistency subset evaluator with ID3, C4.5 and bestfirst trees. IJCSNS 13(2), 7 (2013)Google Scholar
  17. 17.
    Medhat, K., Ramadan, R.A., Talkhan, I.: Security in mission critical communication systems: approach for intrusion detection. In: Multimedia Services and Applications in Mission Critical Communication Systems, pp. 270–291. IGI Global (2017)Google Scholar
  18. 18.
    Sahu, S., Mehtre, B.M.: Network intrusion detection system using J48 decision tree. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2023–2026. IEEE (2015, August)Google Scholar
  19. 19.
    Panda, M., Abraham, A., Patra, M.R.: A hybrid intelligent approach for network intrusion detection. Procedia Eng. 30, 1–9 (2012)Google Scholar
  20. 20.
    Aburomman, A., Reaz, M.: A novel SVM-kNNPSO ensemble method for intrusion detection system. Appl. Soft Comput. J. 38, 360–372 (2016)CrossRefGoogle Scholar
  21. 21.
    Goeschel, K.: Reducing false positives in intrusion detection systems using data-mining techniques utilizing support vector machines, decision trees, and naive Bayes for off-line analysis. SoutheastCon 2016, Norfolk, pp. 1–6 (2016)Google Scholar
  22. 22.
    Sharma, S., Gupta, A., Agrawel, S.: A survey of intrusion detection system for denial of service attack in cloud. Int. J. Comput. Appl. 19, 1–4 (2015)Google Scholar
  23. 23.
    Al Kaabi, S., Al Kindi, N., Al Fazari, S., Trabelsi, Z.: Virtualization based ethical educational platform for hands-on lab activities on DoS attacks. 2016 IEEE Global Engineering Education Conference (EDUCON), pp. 273–280 (2016)Google Scholar
  24. 24.
    Noureldien, N., Yousif, I.: Accuracy of machine learning algorithms in detecting DoS attacks types. Sci. Technol. 6(4), 89–92 (2016)Google Scholar
  25. 25.
    AbdJalil, K., Mara, S.: Comparison of machine learning algorithms performance in detecting network intrusion. In: Proceedings of Networking and Information Technology (ICNIT), pp. 221–226. Manila (2010)Google Scholar
  26. 26.
    Jain, Y.K., Upendra: An efficient intrusion detection based on decision tree classifier using feature reduction. Int. J. Sci. Res. Publ. 2(1), January (2012)Google Scholar
  27. 27.
    Mazraeh, S., Modhej, A., Neysi, S.H.N.: Intrusion detection in computer networks using combination of machine learning techniques. Int. J. Comput. Sci. Netw. Secur. (IJCSNS) 16(8), 122 (2016)Google Scholar
  28. 28.
    Gaikwad, D.P., Thool, R.C.: Intrusion detection system using bagging ensemble method of machine learning. In: 2015 International Conference on Computing Communication Control and Automation (ICCUBEA), pp. 291–295. IEEE (2015, February)Google Scholar
  29. 29.
    Nema, A., Tiwari, B., Tiwari, V.: Improving accuracy for intrusion detection through layered approach using support vector machine with feature reduction. In: Proceedings of the ACM Symposium on Women in Research 2016, pp. 26–31. ACM (2016, March)Google Scholar
  30. 30.
    Modi, U., Jain, A.: An improved method to detect intrusion using machine learning algorithms. Inf. Eng. Int. J. 4.2, 17–29 (2016)Google Scholar
  31. 31.
    [Online]. Available: https://www.unb.ca/research/iscx/dataset/iscx-NSL-KDD-dataset.html [Accessed 26 April 2017]
  32. 32.
    Chaudhari, R.R., Patil, S.P.: Intrusion Detection System: Classification, Techniques and Datasets to Implement (2017)Google Scholar
  33. 33.
    Aljawarneh, S., Aldwairi, M., Yasin, M.B.: Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model. J. Comput. Sci. (2017)Google Scholar
  34. 34.
    Smith, T.C., Frank, E.: Introducing machine learning concepts with WEKA. Stat. Genom. Methods Protoc. 353–378 (2016)Google Scholar
  35. 35.
    [Online]. Available Weka: http://www.cs.waikato.ac.nz/ml/index.html. [Accessed 26 April 2017]
  36. 36.
    Alcala-Fdez, J., Garcia, S., Fernandez, A., Luengo, J., Gonzalez, S., Saez, J. A., Triguero, I., Moyano, J.M., Jesus, M.J., Sanchez, L., Herrera, F.: Comparison of KEEL versus open source Data Mining tools: Knime and Weka software (2016)Google Scholar
  37. 37.
    Bouckaert, R.R., Frank, E., Hall, M.A., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: WEKA\(\hat{{\rm a}}\hat{}\)’ experiences with a java open-source project. J. Mach. Learn. Res. 11(Sep), 2533–2541 (2010)Google Scholar
  38. 38.
    Ravage, U., Marathe, N., Padiya, P.: Feature selection based hybrid anomaly intrusion detection system using K means and RBF kernel function. Procedia Comput. Sci. 45, 428–435 (2015)CrossRefGoogle Scholar
  39. 39.
    De la Hoz, E., De La Hoz, E., Ortiz, A., Ortega, J., Prieto, B.: PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing 164, 71–81 (2015)Google Scholar
  40. 40.
    Najafabadi, M.M., Khoshgoftaar, T.M., Seliya, N.: Evaluating feature selection methods for network intrusion detection with kyoto data. Int. J. Reliab. Qual. Saf. Eng. 23(01), 1650001 (2016)Google Scholar
  41. 41.
    Xue, B., Zhang, M., Browne, W.N., Yao, X.: A survey on evolutionary computation approaches to feature selection. IEEE Trans. Evol. Comput. 20(4), 606–626 (2016)Google Scholar
  42. 42.
    Eid, H.F., Hassanien, A.E., Kim, T.H., Banerjee, S.: Linear correlation-based feature selection for network intrusion detection model. In: Advances in Security of Information and Communication Networks, pp. 240–248. Springer, Berlin (2013)Google Scholar
  43. 43.
    Alhaj, T.A., Siraj, M.M., Zainal, A., Elshoush, H.T., Elhaj, F.: Feature selection using information gain for improved structural-based alert correlation. PLoS ONE 11(11), e0166017 (2016)CrossRefGoogle Scholar
  44. 44.
    Bajaj, K., Arora, A.: Improving the intrusion detection using discriminative machine learning approach and improve the time complexity by data mining feature selection methods. Int. J. Comput. Appl. 76(1) (2013)Google Scholar
  45. 45.
    Oreski, D., Oreski, S., Klicek, B.: Effects of dataset characteristics on the performance of feature selection techniques. Appl. Soft Comput. 52, 109–119 (2017)CrossRefGoogle Scholar
  46. 46.
    Brown, G.W.: Standard deviation, standard error: which’standard’should we use? Am. J. Dis. Child. 136(10), 937–941 (1982)CrossRefGoogle Scholar
  47. 47.
  48. 48.
    [Online]. Available: https://netbeans.org/ [Accessed 26 April 2016]
  49. 49.
    [Online]. Available: https://www.tutorialspoint.com/ant/ant_creating_jar_files.htm [Accessed 26 April 2016]
  50. 50.
    Shrivas, A.K., Mishra, P.K.: Intrusion detection system for classification of attacks with cross validation. Probe 2(209), U2R (2016)Google Scholar
  51. 51.
    Elekar, K.S., Waghmare, M.M.: Comparison of tree base data mining algorithms for network intrusion detection. Int. J. Eng. Educ. Technol. 3(2) (2015)Google Scholar
  52. 52.
    Chae, H.S., Jo, B.O., Choi, S.H., Park, T.K.: Feature selection for intrusion detection using NSL-KDD. Recent Adv. Comput. Sci. 184–187 (2013)Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2017

Authors and Affiliations

  • Shadi Aljawarneh
    • 1
    Email author
  • Muneer Bani Yassein
    • 1
  • Mohammed Aljundi
    • 1
  1. 1.Faculty of Computer and Information TechnologyJordan University of Science and TechnologyIrbidJordan

Personalised recommendations