Indian Journal of Science and Technology

Abstract

Objective: This study proposes a model for building the network intrusion detection system using a machine learning algorithm called decision tree. This system detects primarily an anomaly based intrusion. Methods: In this model, the categorical features from the dataset Change Control IDentifiers (CCIDS) 2017 are encoded using label encoder. Using Recursive-Feature-Elimination (RFE) some best features is selected. This data is then divided into training and testing data. Training data is then used to form a Decision-Tree-Model wherein each leaf signifies the possible outcome. Findings: Classification models are developed making use of the training data to classify the test data as malicious or benign. Measuring the accuracy of the classifier on future data rather than the past data is of a paramount aspect. The observed accuracy of the classifier on test data is 99%. The precision of the proposed system indicates that the True-Positive-Rate (TPR) is 99.9% and the False-Positive-Rate (FPR) is 0.1%. The proposed model uses the latest data set for training data and test data compared to the traditional systems which have been modeled using KDD-CUP-99 data set. Moreover, unlike other systems, it does not use any data-mining tool like Weka. This work provides as basis for any new algorithm using dataset CCIDS 2017. Improvements: The work can be extended to exploit the big data available for attacks and intrusions using big data analytics.

Keywords: Accuracy, Detection, Decision Tree, Intrusion, Machine Learning