A Partial Approach to Intrusion Detection

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The need for intrusion detection continues to grow with the advancement of new and emerging devices, the increase in the vectors of attack these bring, and their computational limitations. This work examines the suitability of a traditional data mining approach often overlooked in intrusion detection, partial decision trees, on the recent CICIDS 2017 dataset. The approach was evaluated against recent deep learning results and shows that the partial decision tree outperformed these deep learning techniques for the detection of DDoS and Portscan attacks. Further analysis of the complete dataset has been performed using this partial technique. The creation of a reduced-feature version of the dataset is proposed using PCA and is evaluated using a partial decision tree. It shows that a ten-feature version of the dataset can produce a detection rate of 99.4% across the twelve classes, with a 77% reduction in training time.

Original language: English
Title of host publication: 11th EAI International Conference, ICDF2C 2020, Proceedings
Editors: Sanjay Goel, Pavel Gladyshev, Daryl Johnson, Makan Pourzandi, Suryadipta Majumdar
Publisher: Springer
Pages: 78-97
Number of pages: 20
ISBN (Print): 9783030687335
Publication status: Published - 2021
Event: 11th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2020 - Boston, United States
Duration: 15 Oct 2020 → 16 Oct 2020

Publication series

Name: Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume: 351
ISSN (Print): 1867-8211
ISSN (Electronic): 1867-822X

Conference

Conference: 11th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2020
Country/Territory: United States
City: Boston
Period: 15/10/2020 → 16/10/2020

Keywords

  • CICIDS
  • Data mining
  • IDS
  • Partial decision trees
  • PCA
