Performance Analysis of Decision Tree for Intrusion Detection with Reduced DARPA Offline Feature Sets

摘要

Machine learning techniques such as decision tree have been used for network intrusion detection for a decade. These techniques are able to learn the normal and anomalous pattern from training data and generate useful classifiers to detect attacks to computer systems. Most of the current Intrusion Detection Systems (IDS) examine all data features to detect intrusion or misused patterns. Some of the features may be redundant or contribute little (if anything) to the detection process. In this paper we use some KDDCUP99 reduced feature sets, obtained from the previous researches, to classify with decision tree technique. We analyze the performance of using this reduced feature sets for network intrusion detection. We use KDDCUP99 data for training and testing of decision tree. Experiments show that the resulted decision trees have better performance compared to the case in which we use all features. This research discusses the accuracy of decision tree for classifying reduced feature sets.