Application of decision tree classifiers to computer intrusion detection

Nong Ye, Xiangyang Li

Research output: Contribution to journal, Conference article, peer-review


There is an increasing demand for techniques to detect intrusions into a computer and network system for information security and assurance. This paper describes our research effort on the application of a data mining technique, decision trees, to automatically learn and recognize intrusion signatures for intrusion detection. In our study, decision tree classifiers are used to classify activities in a computer and network system into different states and determine the possibility of an intrusion based on the state classification. Our design of decision tree classifiers is based on an incremental tree induction algorithm. Two decision tree classifiers are developed. One decision tree classifier examines single events of activities in a computer and network system for intrusion detection (single event version). Another decision tree classifier examines a sequence of events in a moving window at a given time for intrusion detection (moving window version). We use computer audit data for training and testing the decision tree classifiers. The testing results of the two decision tree classifiers are analyzed and compared. The "moving window" version of the decision tree classifier produces better performance in intrusion detection.

Original language: English (US)
Pages (from-to): 381-390
Number of pages: 10
Journal: Management Information Systems
State: Published - Dec 1 2000
Event: Second International Conference on Data Mining, Data Mining II - Cambridge, United Kingdom
Duration: Jul 5 2000 - Jul 7 2000

ASJC Scopus subject areas

  • Management Information Systems
  • Information Systems
  • Engineering(all)
  • Computer Science Applications
  • Information Systems and Management

