An enhanced J48 classification algorithm for the anomaly intrusion detection systems

Cluster Computing

Abstract

In this paper, we develop an enhanced J48 algorithm, which uses the J48 algorithm to improve the detection accuracy and the performance of the novel IDS technique. This enhanced J48 algorithm is seen to help in the effective detection of probable attacks that could jeopardise network confidentiality. For this purpose, the researchers used many datasets by integrating different approaches such as J48, Naive Bayes, Random Tree and NB-Tree. The NSL-KDD intrusion dataset was used in all experiments. This dataset was divided into two datasets, training and testing, based on the data processing. Thereafter, a feature selection method based on the WEKA application was used to evaluate the efficacy of all the features. The results obtained suggest that this algorithm showed better, more accurate and more efficient performance without using the above-mentioned features when compared to the feature selection procedure. The implementation of this algorithm classified the dataset with a detection accuracy of 99.88% for all the features when using the 10-fold cross-validation test, 90.01% for the supplied test set when using the complete test datasets with all the features, and 76.23% for the supplied test set when using the test-21 dataset with all features.

Corresponding author

Correspondence to Shadi Aljawarneh.

Cite this article

Aljawarneh, S., Yassein, M.B. & Aljundi, M. An enhanced J48 classification algorithm for the anomaly intrusion detection systems. Cluster Comput 22 (Suppl 5), 10549–10565 (2019). https://doi.org/10.1007/s10586-017-1109-8

  • DOI: https://doi.org/10.1007/s10586-017-1109-8
