Intrusion detection using improved decision tree algorithm with binary and quad split

Abstract

Security is a big issue for all servers including defence and government organisations. The Intrusion detection system (IDS) is one that scans server’s incoming data activities and attempts to detect the attacks. Data mining based IDS have shown good detection rates for normal and DoS attacks, but do not perform well on Probe, U2R and R2L attacks. The paper highlights the poor performance of existing ID3 algorithm for Probe, R2L and U2R attacks. The paper also proposes improved decision tree algorithm using binary split (IDTBS) and improved decision tree algorithm using quad split (IDTQS) for improving the detection rate of Probe, U2R and R2L attacks. In this research, KDD99 dataset is used for the experimentation. The True Positive Rate (TPR) accuracy of both the algorithms are compared with the existing ID3 decision tree algorithm. IDTQS algorithm outperforms with the True Positive Rates (TPR) accuracy for Probe, R2L and U2R attacks with values of 99.23%, 95.57% and 56.31% respectively.