
Performance Evaluation of Decision Tree for Intrusion Detection Using Reduced Feature Spaces


Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 6)

Attacks are a serious problem in computer networks. Computer network security is summarized by the CIA concepts: confidentiality, data integrity, and availability. Confidentiality means that information is disclosed only according to policy. Data integrity means that information is not destroyed or corrupted and that the system performs correctly. Availability means that the system's services are available when they are needed. Security threats have different causes, such as flood, fire, system failure, intruders, and so on.

The rest of this chapter is organized as follows. In Sect. 20.2, we discuss the DARPA intrusion detection dataset. Section 20.3 discusses related work on decision trees and feature deduction. In Sect. 20.4, we explain the decision tree and the C4.5 algorithm. Section 20.5 reports the results of our experiments on building an intrusion detection model using the audit data from the DARPA evaluation program and reduced datasets obtained from other research. Section 20.6 offers a discussion of future work and concluding remarks.




Copyright information

© 2008 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Bidgoli, B.M., Analoui, M., Rezvani, M.H., Shahhoseini, H.S. (2008). Performance Evaluation of Decision Tree for Intrusion Detection Using Reduced Feature Spaces. In: Castillo, O., Xu, L., Ao, SI. (eds) Trends in Intelligent Systems and Computer Engineering. Lecture Notes in Electrical Engineering, vol 6. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-74935-8_20


  • DOI: https://doi.org/10.1007/978-0-387-74935-8_20

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-74934-1

  • Online ISBN: 978-0-387-74935-8

  • eBook Packages: Engineering, Engineering (R0)
