Application of decision tree classifiers to computer intrusion detection

Nong Ye, Xiangyang Li

Research output: Contribution to journal › Article

Abstract

There is an increasing demand for techniques to detect intrusions into a computer and network system for information security and assurance. This paper describes our research effort on the application of a data mining technique, decision trees, to automatically learn and recognize intrusion signatures for intrusion detection. In our study, decision tree classifiers are used to classify activities in a computer and network system into different states and determine the possibility of an intrusion based on the state classification. Our design of decision tree classifiers is based on an incremental tree induction algorithm. Two decision tree classifiers are developed. One decision tree classifier examines single events of activities in a computer and network system for intrusion detection (single event version). Another decision tree classifier examines a sequence of events in a moving window at a given time for intrusion detection (moving window version). We use computer audit data for training and testing the decision tree classifiers. The testing results of the two decision tree classifiers are analyzed and compared. The "moving window" version of the decision tree classifier produces better performance in intrusion detection.

Original language: English (US)
Pages (from-to): 381-390
Number of pages: 10
Journal: Management Information Systems
Volume: 2
State: Published - 2000

Fingerprint

Intrusion detection
Decision trees
Classifiers
Decision tree
Classifier
Trees (mathematics)
Testing
Security of data
Data mining

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Application of decision tree classifiers to computer intrusion detection. / Ye, Nong; Li, Xiangyang.

In: Management Information Systems, Vol. 2, 2000, p. 381-390.

@article{555d90cc3da549159cfa57c6643b28c1,
title = "Application of decision tree classifiers to computer intrusion detection",
abstract = "There is an increasing demand for techniques to detect intrusions into a computer and network system for information security and assurance. This paper describes our research effort on the application of a data mining technique, decision trees, to automatically learn and recognize intrusion signatures for intrusion detection. In our study, decision tree classifiers are used to classify activities in a computer and network system into different states and determine the possibility of an intrusion based on the state classification. Our design of decision tree classifiers is based on an incremental tree induction algorithm. Two decision tree classifiers are developed. One decision tree classifier examines single events of activities in a computer and network system for intrusion detection (single event version). Another decision tree classifier examines a sequence of events in a moving window at a given time for intrusion detection (moving window version). We use computer audit data for training and testing the decision tree classifiers. The testing results of the two decision tree classifiers are analyzed and compared. The {"}moving window{"} version of the decision tree classifier produces better performance in intrusion detection.",
author = "Nong Ye and Xiangyang Li",
year = "2000",
language = "English (US)",
volume = "2",
pages = "381--390",
journal = "Management Information Systems",
issn = "1470-6326",
publisher = "Management Information Systems Research Center",

}

TY - JOUR

T1 - Application of decision tree classifiers to computer intrusion detection

AU - Ye, Nong

AU - Li, Xiangyang

PY - 2000

Y1 - 2000

N2 - There is an increasing demand for techniques to detect intrusions into a computer and network system for information security and assurance. This paper describes our research effort on the application of a data mining technique, decision trees, to automatically learn and recognize intrusion signatures for intrusion detection. In our study, decision tree classifiers are used to classify activities in a computer and network system into different states and determine the possibility of an intrusion based on the state classification. Our design of decision tree classifiers is based on an incremental tree induction algorithm. Two decision tree classifiers are developed. One decision tree classifier examines single events of activities in a computer and network system for intrusion detection (single event version). Another decision tree classifier examines a sequence of events in a moving window at a given time for intrusion detection (moving window version). We use computer audit data for training and testing the decision tree classifiers. The testing results of the two decision tree classifiers are analyzed and compared. The "moving window" version of the decision tree classifier produces better performance in intrusion detection.

UR - http://www.scopus.com/inward/record.url?scp=4544379577&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=4544379577&partnerID=8YFLogxK

M3 - Article

VL - 2

SP - 381

EP - 390

JO - Management Information Systems

JF - Management Information Systems

SN - 1470-6326

ER -