International Journal On Advances in Security, volume 6, numbers 1 and 2, 2013


Ensembles of Decision Trees for Network Intrusion Detection Systems

Authors:
Alexandre Balon-Perin
Björn Gambäck

Keywords: intrusion detection, ensemble approaches, bagging, decision trees, support vector machines

Abstract:
The paper discusses intrusion detection systems built using ensemble approaches, i.e., by combining several machine learning algorithms. The main idea is to exploit the strengths of each algorithm of the ensemble to obtain a robust classifier. Network attacks can be divided into four classes: probe, remote to local, denial of service, and user to root. Each module of the ensemble designed in this work is itself an ensemble created by using bagging of decision trees and is specialized in the detection of one class of attacks. Experiments highlighted the efficiency of the approach and showed that increased accuracy can be obtained when each class of attacks is treated as a separate problem and handled by specialized algorithms. In all experiments, the ensemble was able to decrease the number of false positives and false negatives. However, some limitations of the dataset used (KDD99) were observed. In particular, the distribution of examples of remote to local attacks between the training set and test set made it difficult to evaluate the ensemble for this class of attacks. Furthermore, the algorithms need to be trained with specific feature subsets selected according to their relevance to the class of attacks being detected.

Pages: 62 to 77

Copyright: Copyright (c) to authors, 2013. Used with permission.

Publication date: June 30, 2013

Published in: journal

ISSN: 1942-2636