Intrusion Detection using Decision Tree Model in High-Speed Environment

摘要

Due to the rise in the usage and speed of internet, the rate of data generated over the internet is enormously increasing. This growth also upturns the security threats on the enterprise network and the Internet. Detecting such intrusion in a high-speed network at realtime is a challenging task. Existing machine learning- based Intrusion Detection Systems (IDSs) are not able to perceive recent unknown attacks while working at high-speed networks. Therefore, to address these challenges, we propose a real-time intrusion detection system for the high-speed environment using decision tree-based classification model, i.e., C4.5, with a fewer number of flow features. The nine best features are selected amongst forty-one from KDD99 intrusion dataset using FSR and BER techniques. The accuracy of the proposed IDS is evaluated in terms of true positive (TP- more than 99%) and false positive (FP- less than 0.001 %), and efficiency in terms of processing time. The higher accuracy and efficiency make the system to be able to work in a real-time and high-speed environment.