A new intelligent intrusion detector based on ensemble of decision trees

  • Seyed Morteza Mousavi
  • Vahid Majidnezhad
  • Avaz Naghipour
Original Research


Artificial intelligence and machine learning are now widely used to develop automatic and precise models for different tasks, especially on the Internet. In this paper, an intrusion detection system based on machine learning techniques is proposed. An intrusion detection system involves an extensive mass of data; such data is naturally characterized by repetition and noise, which reduce the stability and accuracy of the intrusion detection system. Hence, reducing the feature dimensions to obtain a smaller subset of features that can precisely express the results and status of network observations has attracted many researchers' attention. In the proposed method, 16 critical features were selected for representing various network visits by using the gradual feature removal method. By combining the ant colony algorithm and an ensemble of decision trees, we propose an efficient and stable classifier for judging whether a network visit is normal or not. Despite the selection of 16 features, a high accuracy of 99.92% and an average Matthews correlation coefficient of 0.91 are obtained.
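The abstract reports both accuracy and an average Matthews correlation coefficient (MCC). The following added example (not code from the paper) shows why the two can diverge on imbalanced intrusion data: it computes accuracy and one-vs-rest MCC per class from a confusion matrix. The class labels, the counts, and the choice to average per-class one-vs-rest MCC values are assumptions made for illustration.

```python
import math

# Constructed confusion matrix (rows = true class, columns = predicted class).
# Labels and counts are made up for illustration: 100,000 network visits,
# of which only 23 belong to the rare attack class.
LABELS = ["normal", "frequent_attack", "rare_attack"]
CM = [
    [60000,    10,  2],
    [   15, 39950,  0],
    [   12,     0, 11],
]

def accuracy(cm):
    """Fraction of visits on the diagonal (correctly classified)."""
    return sum(cm[i][i] for i in range(len(cm))) / sum(map(sum, cm))

def one_vs_rest_counts(cm, k):
    """Collapse the matrix to TP, FP, FN, TN with class k as 'positive'."""
    tp = cm[k][k]
    fn = sum(cm[k]) - tp
    fp = sum(row[k] for row in cm) - tp
    tn = sum(map(sum, cm)) - tp - fn - fp
    return tp, fp, fn, tn

def mcc(tp, fp, fn, tn):
    """Matthews correlation coefficient; 0.0 when a marginal is empty."""
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return 0.0 if denom == 0 else (tp * tn - fp * fn) / denom

def per_class_mcc(cm, labels):
    return {lab: mcc(*one_vs_rest_counts(cm, k)) for k, lab in enumerate(labels)}

def mean_mcc(cm, labels):
    """Unweighted mean of the per-class values (assumed averaging scheme)."""
    scores = per_class_mcc(cm, labels)
    return sum(scores.values()) / len(scores)

if __name__ == "__main__":
    print(f"accuracy  = {accuracy(CM):.5f}")
    for lab, score in per_class_mcc(CM, LABELS).items():
        print(f"MCC[{lab}] = {score:.4f}")
    print(f"mean MCC  = {mean_mcc(CM, LABELS):.4f}")
```

In this constructed data the detector misses more than half of the rare attacks, yet accuracy stays above 99.9% because the rare class is a tiny share of traffic; the per-class MCC exposes the miss.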


Intrusion detection systems; Ensemble of decision trees; Ant colony optimization; Feature selection



Thank you to all the people who helped us with this research and its hard way.



Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. Department of Computer Engineering, University College of Nabi Akram, Tabriz, Iran
  2. Department of Computer Engineering, Shabestar Branch, Islamic Azad University, Shabestar, Iran
