Decision tree classifier for network intrusion detection with GA-based feature selection

Authors:
Gary Stein;Bing Chen;Annie S. Wu;Kien A. Hua
Affiliations:
University of Central Florida, Orlando, FL;University of Central Florida, Orlando, FL;University of Central Florida, Orlando, FL;University of Central Florida, Orlando, FL
Venue:
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Year:
2005

Citing 17
Cited 16

Adaptation in natural and artificial systems

Adaptation in natural and artificial systems
C4.5: programs for machine learning

C4.5: programs for machine learning
Feature Extraction, Construction and Selection: A Data Mining Perspective

Feature Extraction, Construction and Selection: A Data Mining Perspective
The utilization of artificial intelligence in a hybrid intrusion detection system

SAICSIT '02 Proceedings of the 2002 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
WBCsvm: Weighted Bayesian Classification based on Support Vector Machines

ICML '01 Proceedings of the Eighteenth International Conference on Machine Learning
Adaptive Selection Methods for Genetic Algorithms

Proceedings of the 1st International Conference on Genetic Algorithms
Further Research on Feature Selection and Classification Using Genetic Algorithms

Proceedings of the 5th International Conference on Genetic Algorithms
Coverage and Generalization in an Artificial Immune System

GECCO '02 Proceedings of the Genetic and Evolutionary Computation Conference
Using Text Categorization Techniques for Intrusion Detection

Proceedings of the 11th USENIX Security Symposium
An Application of Machine Learning to Network Intrusion Detection

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Identifying Important Features for Intrusion Detection Using Support Vector Machines and Neural Networks

SAINT '03 Proceedings of the 2003 Symposium on Applications and the Internet
Winning the KDD99 classification cup: bagged boosting

ACM SIGKDD Explorations Newsletter
KDD-99 classifier learning contest LLSoft's results overview

ACM SIGKDD Explorations Newsletter
The MP13 approach to the KDD'99 classifier learning contest

ACM SIGKDD Explorations Newsletter
Naive Bayes vs decision trees in intrusion detection systems

Proceedings of the 2004 ACM symposium on Applied computing
A study in using neural networks for anomaly and misuse detection

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Genetic algorithm optimized feature transformation: a comparison with different classifiers

GECCO'03 Proceedings of the 2003 international conference on Genetic and evolutionary computation: PartII

Feature Weighting and Selection for a Real-Time Network Intrusion Detection System Based on GA with KNN

PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
Minimizing False Positives of a Decision Tree Classifier for Intrusion Detection on the Internet

Journal of Network and Systems Management
Enhancing network based intrusion detection for imbalanced data

International Journal of Knowledge-based and Intelligent Engineering Systems
Evolvable malware

Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Review: Intrusion detection by machine learning: A review

Expert Systems with Applications: An International Journal
Neural network based intrusion detection system for critical infrastructures

IJCNN'09 Proceedings of the 2009 international joint conference on Neural Networks
Similarity-based classification using specific features in network intrusion detection

AsiaCSN '08 Proceedings of the Fifth IASTED International Conference on Communication Systems and Networks
Evolving decision tree rule based system for audio stego anomalies detection based on Hausdorff distance statistics

Information Sciences: an International Journal
Audio steganalysis with Hausdorff distance higher order statistics using a rule based decision tree paradigm

Expert Systems with Applications: An International Journal
The use of artificial intelligence based techniques for intrusion detection: a review

Artificial Intelligence Review
Real-time anomaly detection systems for Denial-of-Service attacks by weighted k-nearest-neighbor classifiers

Expert Systems with Applications: An International Journal
Using clustering to improve the KNN-based classifiers for online anomaly network traffic identification

Journal of Network and Computer Applications
Decision tree based light weight intrusion detection using a wrapper approach

Expert Systems with Applications: An International Journal
An Optimum-Path Forest framework for intrusion detection in computer networks

Engineering Applications of Artificial Intelligence
Decision tree selection in an industrial machine fault diagnostics

MEDI'12 Proceedings of the 2nd international conference on Model and Data Engineering
gNIDS: rule-based network intrusion detection system using genetic algorithms

International Journal of Intelligent Systems Technologies and Applications

Quantified Score

Hi-index	0.01

Visualization

Abstract

Machine Learning techniques such as Genetic Algorithms and Decision Trees have been applied to the field of intrusion detection for more than a decade. Machine Learning techniques can learn normal and anomalous patterns from training data and generate classifiers that then are used to detect attacks on computer systems. In general, the input data to classifiers is in a high dimension feature space, but not all of features are relevant to the classes to be classified. In this paper, we use a genetic algorithm to select a subset of input features for decision tree classifiers, with a goal of increasing the detection rate and decreasing the false alarm rate in network intrusion detection. We used the KDDCUP 99 data set to train and test the decision tree classifiers. The experiments show that the resulting decision trees can have better performance than those built with all available features.