dc.description.abstract |
In this thesis, many machine learning techniques that are used for network intrusion detection are analyzed in detail. An intrusion detection system based on a combination of bootstrap aggregating, discretization, feature selection and classification methods is proposed for achieving a successful denial of service attack detection rate. Detecting denial of service attacks is the main purpose of this study, but correctly detecting other kinds of network attacks and normal network traffic is also our concern. We use various filters on the training dataset before we form the model. Firstly, the bootstrap aggregating method is applied for creating different training datasets from the original dataset and combining the results that come from each of them. Secondly, entropy based discretization, equal-width binning, equal-frequency binning, and proportional k-interval discretization methods are used for discretizing the numeric attribute values. Finally, correlation based feature selection, consistency based feature selection, information gain based feature selection, and symmetrical uncertainty based feature selection methods are applied for decreasing the complexity. After the filtering steps, the J48 decision tree classifier is used for learning. Then, the model is tested with a distinct dataset. The KDD'99 training and testing datasets are used for the experiments. Our combined method has increased the success of the single classifier for all performance measures. In particular, adding bootstrap aggregating to the filtered and attribute-selected classifier provided a remarkable improvement. |
|