Performance Evaluation of Decision Tree for Intrusion Detection Using Reduced Feature Spaces
Attack is a serious problem in computer networks. Computer network security is summarized in CIA concepts including confidentiality, data integrity, and availability. Confidentiality means that information is disclosed only according to policy. Data integrity means that information is not destroyed or corrupted and that the system performs correctly. Availability means that the system services are available when they are needed. Security threats have different causes, such as flood, fire, system failure, intruders, and so on.
The rest of this chapter is organized as follows. In Sect. 20.2, we discuss the DARPA intrusion detection dataset. Section 20.3 discusses related works about the decision tree and feature deduction. In Sect. 20.4, we explain the decision tree and C4.5 algorithm. Section 20.5 reports the results of our experiments on building an intrusion detection model using the audit data from the DARPA evaluation program and reduced datasets obtained from other research. Section 20.6 offers discussion of future work and conclusive remarks.
KeywordsTransmission Control Protocol Intrusion Detection Intrusion Detection System Linear Genetic Programming Markov Blanket
Unable to display preview. Download preview PDF.
- 2.Lunt TF, Jagannathan R, Lee R, Listgarten S, Edwards DL, Javitz HS (1988). IDES: The enhanced prototype-A real-time intrusion-detection expert system. Number SRI-CSL-88-12. Menlo Park, CA: Computer Science Laboratory, SRI International.Google Scholar
- 6.Mukkamala S, Sung AH, Abraham A (2003). Intrusion detection using ensemble of soft computing paradigms. In: Third International Conference on Intelligent Systems Design and Applications, Intelligent Systems Design and Applications, Advances in Soft Computing, Springer Verlag, Germany, pp. 239–248.Google Scholar
- 7.Mukkamala S, Sung AH, Abraham A (2004). Modeling intrusion detection systems using linear genetic programming approach. In: The 17th International Conference on Industrial & Engineering Applications of Artificial Intelligence and Expert Systems, Innovations in Applied Artificial Intelligence, Robert Orchard, Chunsheng Yang, Moonis Ali (Eds.), LNCS 3029, Springer Verlag, Germany, pp. 633–642.Google Scholar
- 8.Mukkamala S, Sung AH, Abraham A, Ramos V (2004). Intrusion detection systems using adaptive regression splines. In: Sixth International Conference on Enterprise Information Systems, ICEIS’04, Portugal, I. Seruca, J. Filipe, S. Hammoudi and J. Cordeiro (Eds.), Vol. 3, pp. 26–33.Google Scholar
- 9.Shah K, Dave N, Chavan S, Mukherjee S, Abraham A, Sanyal S (2004). Adaptive neuro-fuzzy intrusion detection system. In: IEEE International Conference on Information Technology: Coding and Computing (ITCC’04), USA, IEEE Computer Society, Vol. 1, pp. 70–74.Google Scholar
- 10.MIT Lincoln Laboratory. URL: http://www.ll.mit.edu/IST/ideval/.
- 11.Lee W, Stolfo SJ, Mok KW (1999). A data mining framework for building intrusion detection models. In: IEEE Symposium on Security and Privacy, Oakland, CA, pp. 120–132.Google Scholar
- 12.Lee W, Stolfo SJ, Mok KW (1999). Mining in a data-flow environment: Experience in network intrusion detection. In: Proceedings of the Fifth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Diego, CA, pp. 114–124.Google Scholar
- 13.KDD99 dataset (2003). URL: http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.
- 14.Amor NB, Benferhat S, Elouedi Z (2004). Naive Bayes versus decision trees in intrusion detection systems. In: Proceedings of the 2004 ACM Symposium on Applied Computing, pp. 420–424.Google Scholar
- 15.Punch WF, Goodman ED, Pei M, Chia-Shun L, Hovland P, Enbody R (1993). Further research on feature selection and classification using genetic algorithms. In: Proceedings of the Fifth International Conference on Genetic Algorithms, pp. 557–560.Google Scholar
- 16.Pei M, Goodman ED, Punch WF (1998). Feature extraction using genetic algorithms. In: Proceedings of the International Symposium on Intelligent Data Engineering and Learning, pp. 371–384.Google Scholar
- 17.Chebrolu S, Abraham A, Thomas J (2005). Feature Deduction and Ensemble Design of Intrusion Detection Systems. Computers and Security, Vol. 24/4, Elsevier Science, New York, pp. 295–307.Google Scholar
- 18.Sung AH, Mukkamala S (2003). Identifying important features for intrusion detection using support vector machines and neural networks. In: Proceedings of International Symposium on Applications and the Internet, pp. 209–210.Google Scholar
- 20.Agrawal R, Gehrke J, Gunopulos D, Raghavan P (1998). Automatic subspace clustering of high dimensional data for data mining applications. In: Proceedings of ACMSIGMOD’98 International Conference on Management of Data, Seattle, WA, pp. 94–105Google Scholar
- 21.Quinlan JR (1993). C4.5, Programs for Machine Learning. Morgan Kaufmann, San Mateo, CA.Google Scholar
- 22.Quinlan JR (1968). Introduction of decision trees. Machine Learning, 1, pp. 86–106Google Scholar
- 23.KDDcup99 Intrusion detection dataset http://kdd.ics.uci.edu/databases/kddcup99/kddcup.data_10_percent.gz.
- 24.Fawcett T (2004). ROC Graphs: Notes and Practical considerations for Researchers. Kluwer Academic, Dordrecht.Google Scholar
- 25.Sabhnani M, Serpen G (2003). KDD feature set complaint heuristic rules for R2L attack detection. Journal of Security and Management.Google Scholar