http://dx.doi.org/10.13089/JKIISC.2019.29.4.795

Decision Tree Techniques with Feature Reduction for Network Anomaly Detection  

Kang, Koohong (Dept. of Information and Communications Eng., Seowon University)
Abstract
Recently, interest has grown in network anomaly detection technology for tackling unknown attacks. To this end, diverse studies have applied data mining, machine learning, and deep learning to detect network anomalies. In this paper, we evaluate the decision tree, one of the most popular data mining techniques for classification, to assess its feasibility for network anomaly detection on the NSL-KDD data set. To handle the over-fitting problem of the decision tree, we select 13 features from the original 41 features of the data set using the chi-square test, and then model the decision tree using TensorFlow and scikit-learn, yielding binary classification accuracies of 84% and 70% on the KDDTest+ and KDDTest-21 sets of the NSL-KDD test data, respectively. These results are improvements of 3% and 6% over the previous binary classification accuracies of 81% and 64% obtained by decision tree techniques, respectively.
Keywords
Network Anomaly Detection; NSL-KDD Data Set; Decision Tree; Feature Selection;
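The chi-square feature-selection step described in the abstract, as an added example that is not the paper's code: it scores each categorical feature against the normal/anomaly label with the Pearson chi-square statistic and keeps the top k. The records are constructed (only the column names are NSL-KDD feature names), k=2 of 3 stands in for the paper's 13 of 41, and the paper's own preprocessing is not shown on this page, so the contingency-table form used here is an assumption.

```python
from collections import Counter

# Constructed sample records (not taken from NSL-KDD). The column names are
# NSL-KDD feature names; the values are made up for illustration.
COLUMNS = ("protocol_type", "flag", "land", "label")
ROWS = [
    ("tcp", "SF", "0", "normal"),
    ("tcp", "SF", "0", "normal"),
    ("tcp", "SF", "0", "normal"),
    ("udp", "SF", "1", "normal"),
    ("tcp", "S0", "0", "anomaly"),
    ("udp", "S0", "0", "anomaly"),
    ("udp", "S0", "0", "anomaly"),
    ("udp", "S0", "1", "anomaly"),
]
RECORDS = [dict(zip(COLUMNS, row)) for row in ROWS]


def chi_square(records, feature, label_key="label"):
    """Pearson chi-square statistic of the feature-vs-label contingency table."""
    n = len(records)
    observed = Counter((r[feature], r[label_key]) for r in records)
    feature_totals = Counter(r[feature] for r in records)
    label_totals = Counter(r[label_key] for r in records)
    stat = 0.0
    for value, value_n in feature_totals.items():
        for label, label_n in label_totals.items():
            expected = value_n * label_n / n  # count expected under independence
            stat += (observed[(value, label)] - expected) ** 2 / expected
    return stat


def select_k_best(records, features, k):
    """Return the k features with the highest chi-square score, plus all scores."""
    scores = {f: chi_square(records, f) for f in features}
    ranked = sorted(features, key=scores.get, reverse=True)
    return ranked[:k], scores


if __name__ == "__main__":
    kept, scores = select_k_best(RECORDS, COLUMNS[:-1], k=2)
    for name in COLUMNS[:-1]:
        print(f"{name:14s} chi2={scores[name]:.2f} kept={name in kept}")
```

A feature that takes the same distribution of values in normal and anomalous traffic scores 0 and is dropped, which is how the reduction removes inputs a decision tree could otherwise over-fit on.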