Network intrusion detection system using J48 Decision Tree

Bibliographic Details
Published in: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI), pp. 2023-2026
Main Authors: Sahu, Shailendra; Mehtre, B. M.
Format: Conference Proceeding
Language: English
Published: IEEE 01.08.2015
ISBN: 9781479987900, 1479987905
DOI: 10.1109/ICACCI.2015.7275914

Summary: As the number of cyber attacks has increased, detecting intrusions in networks has become a very tough job. For network intrusion detection systems (NIDS), many data mining and machine learning techniques are used. However, for evaluation, most researchers used the KDD Cup 99 data set, which has been widely criticized for not showing the current network situation. In this paper we used a new labelled network dataset, called the Kyoto 2006+ dataset. In the Kyoto 2006+ data set, every instance is labelled as normal (no attack), attack (known attack) or unknown attack. We use the Decision Tree (J48) algorithm to classify the network packet that can be used for NIDS. For training and testing we used 134665 network instances. The generated rules work with 97.2% correctness for detecting the connection, i.e., no attack, known attack or unknown attack.