An Optimized Decision Tree Approach for Intrusion Detection

Abstract

Nowadays, with rapid development in networking infrastructures and with an
increase in Internet usage, network security has become an important issue for discussion.
Some major challenges with regard to network security are DOS attack, Botnets etc., and
sometimes vulnerabilities in network design can also serve as intrusion points for intruders.
Therefore, this paper focuses and ensures on optimum network security by setting some
thresholds on generic based feature selection mechanism in order to block and overcome
attacks like DOS, R2L and U2R etc. In order to verify our approach, a broadly known intrusion
dataset named NSL-KDD is used. For detecting the attacks in a network efficiently and also to
reduce the false alarm rate, we optimize the decision trees by using Ant Colony Optimization
(ACO) algorithm. In order to reduce the data set size we have used ACO algorithm for feature
selection. This would provide a more efficient and reduced version of a decision tree and it will
also help to identify the exact attack categories. Thus, this approach will prove to be quite an
efficient way to identify intrusions in a network for the detection of any abnormal activity on
the network. Thus, the proposed system will (1) immediately block an intruder if any of the
threshold values set are exceeded. (2) it will list the exact type of attack used by an intruder to
get access to the network (3) it also ensures optimum network security.