Attacks are a serious problem in computer networks. Computer network security is summarized by the CIA concepts: confidentiality, data integrity, and availability. Confidentiality means that information is disclosed only according to policy. Data integrity means that information is not destroyed or corrupted and that the system performs correctly. Availability means that system services are available when they are needed. Security threats have different causes, such as floods, fires, system failures, and intruders.
The rest of this chapter is organized as follows. In Sect. 20.2, we discuss the DARPA intrusion detection dataset. Section 20.3 discusses related work on the decision tree and feature deduction. In Sect. 20.4, we explain the decision tree and the C4.5 algorithm. Section 20.5 reports the results of our experiments on building an intrusion detection model using the audit data from the DARPA evaluation program and reduced datasets obtained from other research. Section 20.6 offers a discussion of future work and concluding remarks.
Keywords
- Transmission Control Protocol
- Intrusion Detection
- Intrusion Detection System
- Linear Genetic Programming
- Markov Blanket
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
© 2008 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Bidgoli, B.M., Analoui, M., Rezvani, M.H., Shahhoseini, H.S. (2008). Performance Evaluation of Decision Tree for Intrusion Detection Using Reduced Feature Spaces. In: Castillo, O., Xu, L., Ao, SI. (eds) Trends in Intelligent Systems and Computer Engineering. Lecture Notes in Electrical Engineering, vol 6. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-74935-8_20
DOI: https://doi.org/10.1007/978-0-387-74935-8_20
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-74934-1
Online ISBN: 978-0-387-74935-8
eBook Packages: Engineering, Engineering (R0)