Intrusion Detection Using Improved Decision Tree Algorithm with Binary and Quad Split

  • Shubha PuthranEmail author
  • Ketan Shah
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 625)


Security is a big issue for all servers including defence and government organisations. The Intrusion detection system (IDS) is one that scans server’s incoming data activities and attempts to detect the attacks. Data mining based IDS have shown good detection rates for normal and DoS attacks, but do not perform well on Probe, U2R and R2L attacks.

The paper highlights the poor performance of existing ID3 algorithm for Probe, R2L and U2R attacks. The paper also proposes improved decision tree algorithm using binary split (IDTBS) and improved decision tree algorithm using quad split (IDTQS) for improving the detection rate of Probe, U2R and R2L attacks. In this research, KDD99 dataset is used for the experimentation. The True Positive Rate (TPR) accuracy of both the algorithms are compared with the existing ID3 decision tree algorithm. IDTQS algorithm outperforms with the True Positive Rates (TPR) accuracy for Probe, R2L and U2R attacks with values of 99.23 %, 95.57 % and 56.31 % respectively.


KDD 1999 Decision tree Quad split Binary split Intrusion detection 


  1. 1.
    Chen, T., Zhang, X., Kim, S.: Efficient classification using parallel scalable compressed model and its application, pp. 5972–5983. Elsevier, China (2014)Google Scholar
  2. 2.
    David, J., Borghetti, J., Angela, A.: Survey of Distance and Similarity Measures Used Within NW Intrusion Anomaly Detection, pp. 70–91. IEEE, USA (2015)Google Scholar
  3. 3.
    Mazid, M.M., Ali, S., Tickle, K.: Improved C4.5 algorithm for rule based classification. In: Recent Advances in AI knowledge Engineering and Data Bases, pp. 296–301. ACM (2010)Google Scholar
  4. 4.
    Ektefa, M., Memar, S., Serdang: Intrusion detection using data mining techniques. In: CAMP, pp. 200–203. IEEE (2010)Google Scholar
  5. 5.
    Adetunmbi, A., Adeola, S., Abosede, O.: Analysis of KDD 99 intrusion detection dataset for selection of relevance features. In: WCECS, pp. 162–168 (2010)Google Scholar
  6. 6.
    Gaikwad, D.P., Thool, R.: Intrusion detection system using bagging with partial decision treebase classifier. In: ICAC3, pp. 92–98. Elsevier (2015)Google Scholar
  7. 7.
    Jabez, J., Muthukumar, B.: Intrusion detection system (IDS): anomaly detection using outlier detection approach. In: ICCC, pp. 338–346. Elsevier (2015)Google Scholar
  8. 8.
    Wua, S.Y., Yen, E.: Data mining-based intrusion detectors. Expert Syst. Appl. 36(3), 5605–5612 (2009). ElsevierCrossRefGoogle Scholar
  9. 9.
    Amudha, P., Rauf, H.A.: Performance Analysis of Data Mining Approaches in Intrusion Detection, India, pp. 1–6. IEEE (2012)Google Scholar
  10. 10.
    Bagheri, E., WeiLu, Ghorbani, A.A.: A Detailed Analysis of the KDD CUP 99 Data Set. IEEE (2009)Google Scholar
  11. 11.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: Proceedings of the 2009 IEEE Symposium on Computational Intelligence in Security and Defense Applications (2009)Google Scholar
  12. 12.
    SANS Institute Authors: Intrusion Detection Systems: Definition. Need and Challenges, SANS Institute Reading Room (2001)Google Scholar
  13. 13.
    Subrata, S.P.N., Kumar, B.I.: A comparative study of bagging, boosting and C4.5. Asian J. Inf. Techn. 9, 300–306 (2010)CrossRefGoogle Scholar
  14. 14.
    Kotsiantis, S.B.: Decision trees: a recent overview. Artif. Intell. Rev. 39, 261–283 (2011). Springer Science and business mediaCrossRefGoogle Scholar
  15. 15.
    Simone, A., Ludwig, F.: Analyzing Gene Expression Data: Fuzzy Decision Tree Algorithm Applied to the Classification of Cancer Data, pp. 1–8. IEEE (2015)Google Scholar
  16. 16.
    Wikipedia, free encyclopedia, cross validation statistics, timestamp: 14: 00 hrs, 22 March 2016Google Scholar
  17. 17.
    Dunham, M.H., Sridhar, S.: Data Mining Introductory and Advanced Topics. Prentice Hall, Saddle River (2015)Google Scholar
  18. 18.
    Bjerkestrand, T., Tsaptsinos, D., Pfluegel, E.: Evaluation of feature selection and reduction algorithms for network IDS data. In: Cyber Situational Awareness (CyberSA), London, pp. 1–2 (2015)Google Scholar
  19. 19.
    Neha, G., Dharmaraj, R.: Implementation of network intrusion detection system using variant of decision tree algorithm. In: 2015 International Conference on Nascent Technologies in the Engineering Field (ICNTE-2015), India, pp. 1–5 (2015)Google Scholar
  20. 20.
    Aggarwal, P., Sharma, S.: An empirical comparison of classifiers to analyze intrusion detection. In: Advanced Computing Communication Technologies (ACCT) Fifth International Conference on IEEE, India, pp. 6–12 (2015)Google Scholar
  21. 21.
    Elekar, K.S.: Combination of data mining techniques for intrusion detection system. In: 2015 International Conference on Communication and Control (IC4). IEEE (2015)Google Scholar
  22. 22.
    Thakur, D., Markandaiah, N., Sharan Raj, D.: Re optimization of ID3 and C4. 5 decision tree. In: 2010 International Conference on IEEE Computer and Communication Technology (ICCCT), pp. 448–450 (2010)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2016

Authors and Affiliations

  1. 1.CE and IT DepartmentMukesh Patel School of Technology Management and EngineeringMumbaiIndia
  2. 2.IT DepartmentMukesh Patel School of Technology Management and EngineeringMumbaiIndia

Personalised recommendations