A Comparative Analysis of Decision Tree and Bayesian Model for Network Intrusion Detection System

Denial of Service Attacks (DoS) is a major threat to computer networks. This paper presents two approaches (Decision tree and Bayesian network) to the building of classifiers for DoS attack. Important attributes selection increases the classification accuracy of intrusion detection systems; as decision tree which has the advantage of generating explainable rules was used for the selection of relevant attributes in this research. A C4.5 decision tree dimensional reduction algorithm was used in reducing the 41 attributes of the KDD´99 dataset to 29. Thereafter, a rule based classification system (decision tree) was built as well as Bayesian network classification system for denial of service attack (DoS) based on the selected attributes. The classifiers were evaluated and compared using performance on the test dataset. Experimental results show that Decision Tree is robust and gives the highest percentage of successful classification than Bayesian Network which was found to be sensitive to the discritization techniques. It has been successfully tested that significant attribute selection is important in designing a real world intrusion detection system (IDS). Keywords— Intrusion Detection System, Machine Learning, Decision Tree, and Bayesian Network

Evaluation of Machine Learning Algorithms for Intrusion Detection System

Intrusion detection system (IDS) is one of the implemented solutions against harmful attacks. Furthermore, attackers always keep changing their tools and techniques. However, implementing an accepted IDS system is also a challenging task. In this paper, several experiments have been performed and evaluated to assess various machine learning classifiers based on KDD intrusion dataset. It succeeded to compute several performance metrics in order to evaluate the selected classifiers. The focus was on false negative and false positive performance metrics in order to enhance the detection rate of the intrusion detection system. The implemented experiments demonstrated that the decision table classifier achieved the lowest value of false negative while the random forest classifier has achieved the highest average accuracy rate

Application of bagging, boosting and stacking to intrusion detection

This paper investigates the possibility of using ensemble algorithms to improve the performance of network intrusion detection systems. We use an ensemble of three different methods, bagging, boosting and stacking, in order to improve the accuracy and reduce the false positive rate. We use four different data mining algorithms, naïve bayes, J48 (decision tree), JRip (rule induction) and iBK( nearest neighbour), as base classifiers for those ensemble methods. Our experiment shows that the prototype which implements four base classifiers and three ensemble algorithms achieves an accuracy of more than 99% in detecting known intrusions, but failed to detect novel intrusions with the accuracy rates of around just 60%. The use of bagging, boosting and stacking is unable to significantly improve the accuracy. Stacking is the only method that was able to reduce the false positive rate by a significantly high amount (46.84%); unfortunately, this method has the longest execution time and so is insufficient to implement in the intrusion detection fiel