An Intelligent Tree-Based Intrusion Detection Model for Cyber Security

Journal of Network and Systems Management

Abstract

The widespread use of the Internet of Things and distributed heterogeneous devices has highlighted the need for efficient and reliable intrusion detection systems. These systems should be able to efficiently protect data and physical devices from cyber-attacks. However, the huge amount of data with different dimensions and security features can affect the detection accuracy and increase the computational complexity of these systems. Lately, Artificial Intelligence has received significant interest and is now being integrated into these systems to intelligently detect and protect against cyber-attacks. This paper proposes an intelligent intrusion detection model to predict and detect attacks in cyberspace. The model is designed based on the concept of Decision Trees, taking into consideration the ranking of the security features. The model is applied to a real dataset for network intrusion detection systems. Moreover, it is validated based on predefined performance evaluation metrics, namely accuracy, precision, recall and F-score. The experimental results reveal that our tree-based intrusion detection model can detect and predict cyber-attacks efficiently and reduce the complexity of the computation process compared to other traditional machine learning techniques.

Data Availability

The dataset used in this research is publicly available on the Kaggle website.

Code Availability

All experiments in this research were implemented in Jupyter Notebook, Python using predefined machine learning packages and libraries, namely sklearn and matplotlib.

Funding

Not applicable.

Author information

Corresponding author

Correspondence to Mohammad Al-Omari.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Al-Omari, M., Rawashdeh, M., Qutaishat, F. et al. An Intelligent Tree-Based Intrusion Detection Model for Cyber Security. J Netw Syst Manage 29, 20 (2021). https://doi.org/10.1007/s10922-021-09591-y

  • DOI: https://doi.org/10.1007/s10922-021-09591-y
