DECISION TREE APPLICATION TO INTRUSION DETECTION SYSTEMS

Authors

  • Veselina Jecheva
  • Evgeniya Nikolova

Keywords:

Intrusion detection systems, anomaly-based IDS, C4.5 algorithm, decision tree, cluster analysis

Abstract

The purpose of intrusion detection systems (IDS) is to reveal any violation of an organization's security policy: unauthorized access by outsiders, privilege escalation by authorized users, or violation of the confidentiality and/or integrity of system resources. This paper examines anomaly-based (behavioral analysis) IDS, applying the C4.5 algorithm in a host-based scenario to describe normal user activity with a decision tree. As a second step, cluster analysis is applied to classify current user activity as normal or malicious. To validate the proposed methodology, a number of simulation experiments were carried out and the obtained results were analyzed.

Published

2018-05-18

Section

Computer Science and Communications - Reviewed Publications. ISSN: 1314-7846

How to Cite

DECISION TREE APPLICATION TO INTRUSION DETECTION SYSTEMS. (2018). COMPUTER SCIENCES AND COMMUNICATIONS, 5(4), 7-11. https://csc.bfu.bg/index.php/CSC/article/view/43
