International Journal of Advanced Research in Engineering and Technology (IJARET)

Volume 11, Issue 7, July 2020, pp. 869-880, Article ID: IJARET_11_07_085
Available online at https://iaeme.com/Home/issue/IJARET?Volume=11&Issue=7
ISSN Print: 0976-6480 and ISSN Online: 0976-6499
DOI: 10.34218/IJARET.11.7.2020.085

© IAEME Publication Scopus Indexed

EXPERIMENTAL ANALYSIS OF DECISION TREE CLASSIFIER IN INTRUSION DETECTION

Ajeesha M I
Research Scholar, School of Computer Studies, Rathnavel Subramaniam College of Arts and
Science, Coimbatore, Tamil Nadu, India.

Dr. D Francis Xavier Christopher
Director, School of Computer Studies, Rathnavel Subramaniam College of Arts and Science,
Coimbatore, Tamil Nadu, India.

ABSTRACT
Machine learning is a continuously developing field that differs from traditional
computational approaches. Machine learning algorithms permit computers to train on
data inputs. It is necessary to analyze large amounts of data and extract useful knowledge
from them. In this paper we explore supervised machine learning algorithms for
intrusion detection. An intrusion detection system (IDS) is a system that monitors
network traffic for harmful activities. Decision trees are employed to visually illustrate
decisions and inform decision making. Throughout the experiments, we compare the
performance of the decision tree with other supervised machine learning classifiers.
Performance metrics such as accuracy, precision, recall and F1 score are evaluated.
The Roc_Auc score is also compared with accuracy. The decision tree
reaches a high accuracy of 98.7% on the KDD Cup99 dataset.
Keywords: Decision Tree classifier, KDD Cup99, Supervised Machine learning
classifiers, Intrusion detection system
Cite this Article: Ajeesha M I and D Francis Xavier Christopher, Experimental Analysis of
Decision Tree Classifier in Intrusion Detection, International Journal of Advanced Research in
Engineering and Technology (IJARET), 11(7), 2020, pp. 869-880.
https://iaeme.com/Home/issue/IJARET?Volume=11&Issue=7

1. INTRODUCTION
The last decade has seen rapid advancements in machine learning techniques, empowering
automation and prediction at scales never imagined before. This in turn leads researchers
and engineers to envision new applications for these techniques. The aim of machine learning is
to make sense of the structure of data and fit that data into models that can be understood and
employed by people. Machine learning algorithms use computational methods to learn
information directly from data without depending on a predetermined equation as a model.
Machine learning uses two types of techniques: supervised learning and unsupervised
learning.

1.1. Supervised Machine Learning


Supervised machine learning trains a model on specified input and output data so it can predict
future outputs. The model makes predictions based on evidence in the presence of uncertainty.
It takes specified input data and the specified responses to it, and trains a model to produce
predictions for new data. Classification and regression techniques are used to develop
machine learning models.
Classification Techniques: These predict independent responses and classify the data into
categories. Classification methods are used when data needs to be categorized, tagged, or
separated into groups. Common algorithms include support vector machine (SVM), k-nearest
neighbor, naive Bayes, logistic regression and neural networks [8].
Regression Techniques: These are used to understand the relationship between independent and
dependent variables, and they predict continuous responses. Common regression algorithms
include linear models, non-linear models, neural networks and adaptive neuro-fuzzy learning.

1.2. Unsupervised Machine Learning


Unsupervised learning finds isolated patterns in the data. It draws conclusions from datasets
consisting of input data without labeled responses. Clustering is the most common unsupervised
method. It is used for experimental data analysis to find hidden patterns in the data. Figure 1
depicts the types of machine learning techniques.

Figure 1 Machine learning techniques


Machine learning is a system of automated data processing algorithms that supports
decision making based on the results. These algorithms are able to consume an enormous number
of records quickly and make predictions accurately [9]. Every machine learning model has a
purpose and is designed to perform specified tasks.
Machine learning techniques are used in network security systems. The most familiar risk
to a system's security is an intrusion. The task is to build an IDS that is capable of
distinguishing between bad connections and normal connections. We explain different
machine learning techniques for building a robust IDS. An intrusion detection system monitors
network traffic for anomalous activities. IDS are divided into the types given below.

1.3. Signature Based IDS


It detects attacks based on specific patterns, comparing incoming traffic with
pre-existing known attack patterns called signatures. It has difficulty finding new attacks.


1.4. Anomaly Based IDS


It detects unknown attacks, as new malware is developed rapidly. It uses machine learning to
create a model and then compares new behavior with the existing model.

1.5. Network Intrusion Detection System (NIDS)


NIDS examines traffic from all devices on the network. Once an attack is identified, an alert
can be sent to the administrator [10]. It is placed at single or multiple points to monitor all
network traffic.

1.6. Host Based Intrusion Detection System (HIDS)


HIDS runs on independent hosts on the network. It monitors the incoming and outgoing packets
from the device only and sends alerts to the administrator if malicious activity is detected.
Machine Learning is a subset of Artificial Intelligence that consists of all the methods and
algorithms which allow machines to learn automatically using mathematical models in
order to extract useful information from huge datasets. The most commonly used machine learning
algorithms for IDS are Decision Tree, K-Nearest Neighbor (KNN), Artificial Neural Network
(ANN), Support Vector Machine (SVM), K-Mean Clustering, Fast Learning Network, and
Ensemble Methods.

2. LITERATURE SURVEY
An intrusion detection system is a software application that detects network intrusions using
machine learning algorithms. The decision tree outperforms other classifiers with respect to
accuracy, time and precision [6].
Heterogeneous data/mixture analysis technology is expected to play a significant role in
almost all domains. Integrating two or more algorithms by combining their strengths
would be more useful for heterogeneous data analysis [13]. Figure 2
represents the machine learning classifiers.

Figure 2 Representation of machine learning classifiers


Machine learning techniques can have an impact in the domain of cybersecurity, and the
security challenges that remain have been examined, together with an overview of the
conceptualization, understanding, modeling, and thinking about cybersecurity data science [6].
A review of network intrusion detection systems based on ML and DL methods provides
new researchers with updated knowledge, recent trends, and the progress of the field. A
systematic approach is taken to the selection of the relevant articles in the field of AI-based
NIDS [4].
One study presents an approach to finding the best classification algorithm for applications of
machine learning to intrusion detection. The J48 algorithm shows the highest classification
accuracy with the lowest error rate [21].
An innovative intelligent intrusion detection system based on stacking has been developed, using
a DT-RFE algorithm to extract fewer features. This model can improve and optimize the
dataset and increase resource utilization by deleting uncorrelated and redundant
records [17].
Smart methods are required to contend with complex new smart systems. A deep neural network
for intrusion detection in IoT networks has been presented; the results show
at least 90% accuracy on each dataset [16].
The network intrusion detection system is the most widely used defense technology in the field of
network security. The efficiency of the parameters in an intrusion detection
system can be increased using a two-level approach. In Level 1, basic supervised/unsupervised
learning algorithms are compared; in Level 2, the results from Level 1 are used to train a deep
learning model based on Artificial Neural Networks (ANN), and parameters such as Accuracy,
Precision, Recall, False Alarm, and F-score are compared [3].
To address these cybersecurity problems, one must deal with certain machine
learning challenges. Methods that generate labels with pivoting address the common
problem of the lack of labels in cybersecurity [8].
Karatas compared the performance of different ML algorithms using an up-to-date
benchmark dataset, CSE-CIC-IDS2018. They addressed the dataset imbalance problem by
reducing the imbalance ratio using the Synthetic Minority Oversampling Technique (SMOTE),
which resulted in a detection rate improvement for minority class attacks.
A two-stage anomaly-based network intrusion detection process on the UNSW-NB15
dataset used Recursive Feature Elimination and Random Forests, among other techniques, to
select the best dataset features for machine learning. The performance
of Decision Trees (C5.0), Naïve Bayes and multinomial Support Vector Machine was evaluated.
C5.0 gave the highest accuracy (74%) and F1 score (86%), and the two-stage
hybrid classification improved the accuracy of results by up to 12% (achieving a
multi-classification accuracy of 86.04%) [17].

3. METHODOLOGY
3.1. Machine Learning Classifiers for Intrusion Detection
3.1.1. Naive Bayes
Naive Bayes is a supervised machine learning method that uses a classification technique based on
the principle of class conditional independence from Bayes' theorem. Naive Bayes assumes that
the presence of one feature does not affect the presence of another in the probability
of the specified output, and that each predictor has an equal effect on that result. The three types of
Naive Bayes classifiers are Multinomial Naive Bayes, Bernoulli Naive Bayes, and
Gaussian Naive Bayes. Applications of the classifier include text classification, spam
identification, and recommendation systems. The naive Bayes classifier is a kind of probabilistic
graphical model. It captures conditional dependence by placing the dependencies on the edges
of a directed graph. All nodes not connected by an edge are treated as conditionally
independent, and this fact is used in the creation of the directed acyclic graph. The foremost
function of the algorithm is to classify data into specified categories. It follows the Bayesian
theorem under the assumption that every category is mutually exclusive and independent of the
others. It works perfectly with a large dataset.

3.1.2. Logistic regression


Logistic regression is a binomial classifier. It is used when the
dependent variable is categorical; like a light switch, it has binary outputs such as
"true" and "false" or "yes" and "no". Regression models seek to recognize the relationships
between data inputs. Logistic regression is mostly used to solve binary classification problems,
such as spam identification. It is used to predict the dependent variable from a set of
independent variables. The algorithm finds the best fit for the parameters using a probability
function. Since the outcome is not a continuous range of values, the algorithm gives
a binary outcome.

3.1.3. K-nearest neighbor


KNN is one of the most straightforward supervised ML algorithms; it uses the idea of
“feature similarity” to predict the class of a given data sample. K-nearest neighbor is a
non-parametric algorithm that groups data points based on their proximity and association to
other available data. The algorithm assumes that similar data points can be found near each other.
It therefore calculates the distance between data points, usually the Euclidean
distance, and then assigns a category based on the most frequent category or the average. Its
ease of use and low calculation time make it a preferred algorithm among data
scientists, but for massive datasets the processing time increases, making it less satisfying for
classification tasks. KNN is usually used for recommendation engines and image recognition.
The KNN algorithm is a pattern recognition method that can be used for both classification
and regression. The k in KNN is a positive integer, which is normally small. In both
classification and regression, the input consists of the k closest training examples within a
space. In classification, the output is class membership: a new object is assigned
to the most common class among its k nearest neighbors. For k = 1, the object is assigned to
the class of the single nearest neighbor.
A sample is classified by calculating its distance from its
neighbors. In the KNN algorithm, the parameter k influences the performance of the model. If
the value of k is very small, the model may be prone to over-fitting. A very large
value of k leads to misclassification of the sample instance.

3.1.4. AdaBoost Classifier


AdaBoost, also called Adaptive Boosting, is a statistical classification meta-algorithm
developed by Yoav Freund and Robert Schapire. AdaBoost is used to boost the performance
of decision tree algorithms on binary classification problems. More recently it may be referred to
as the discrete AdaBoost classifier, because it is used for both classification and regression.
AdaBoost can be applied to boost the performance of any machine learning algorithm. It is
commonly used with weak learners. It can achieve accuracy beyond random chance on a
classification problem.
The most suitable, and also most common, algorithms used with AdaBoost are decision
tree classifiers. Because these trees are short and hold only one decision for
classification, they are usually called decision stumps. AdaBoost can be used in conjunction with
different types of learning algorithms to enhance performance. The output of the other
learning algorithms ('weak learners') is combined into a weighted sum that constitutes the final
output of the boosted classifier. The AdaBoost classifier is adaptive in the sense that
successive weak learners are adjusted in favor of the cases misclassified by previous
classifiers. The individual learners can be weak; provided that the performance of each one is
moderately better than random guessing, the final model can be proven to converge to a strong
learner.
AdaBoost with decision trees as the weak learners is frequently
referred to as an excellent out-of-the-box classifier. With decision tree learning, information
collected at each stage of the AdaBoost algorithm about the relative 'hardness' of each
training sample is fed into the tree-growing algorithm in such a way that later trees
tend to focus on harder-to-classify examples.

3.1.5. Decision Tree Classifier


A decision tree is a directed graph made of a series of nodes. It begins at the base with a
single node and extends to different leaf nodes, which are the outcomes that the tree can
classify.
The decision tree algorithm uses a branching methodology to represent all possible outcomes
based on the input data. It contains a sequence of rules used to classify data and to find
the output variable. The rules form a network and ultimately reach a conclusion.
Generally, decision trees visually represent decisions and show or inform decision making.
In machine learning and data mining, decision trees are applied as predictive models. These
models map observations about input data to the data’s target value. The decision tree classifier
creates a model that predicts the value of a target with respect to the input variables. In the
predictive model, the attributes determined through observation are represented by the
branches, while the conclusions about the data’s target value are represented by the leaves. When
“learning” a tree, the data is divided into subsets based on an attribute value test, which is
repeated on each of the derived subsets recursively. When the subset at a node has the same
value as the target value, the recursion is complete. In decision tree learning,
various determinations have to be made, including the features to choose, the conditions to use
for splitting, and deciding when the decision tree has reached a clear end.
DT is one of the basic supervised ML algorithms and is used for both classification and
regression models on a given dataset by applying a series of decisions. The model consists of
a conventional tree structure with nodes, branches, and leaves. Each node represents an attribute
or a feature, each branch represents a decision or a rule, and each leaf represents a possible
outcome or class label. The DT algorithm automatically chooses the best features for building a
tree and then performs a pruning operation to remove irrelevant branches from the tree to avoid
over-fitting. The most relevant DT models include CART, C4.5, and ID3. Many advanced
learning algorithms, such as Random Forest (RF) and XGBoost, are built from multiple
decision trees.
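
The recursive attribute-value splitting described above, as an added example that is not code from the paper: a small CART-style tree (Gini impurity, binary threshold tests) in plain Python. The feature names follow KDD Cup 99 conventions, but the records are constructed, and the Gini criterion, the `max_depth` cap used here in place of post-pruning, and all function names are assumptions made for illustration.

```python
from collections import Counter

FEATURES = ("duration", "src_bytes", "count", "serror_rate")

# Constructed connection records (not rows from KDD Cup 99): (features, label).
TRAIN = [
    ((0, 215, 1, 0.00), "normal"), ((2, 300, 4, 0.00), "normal"),
    ((1, 1200, 8, 0.00), "normal"), ((12, 540, 3, 0.05), "normal"),
    ((0, 180, 12, 0.00), "normal"),
    ((0, 0, 250, 1.00), "dos"), ((0, 0, 511, 1.00), "dos"),
    ((0, 0, 300, 0.98), "dos"), ((0, 0, 480, 1.00), "dos"),
    ((0, 8, 2, 0.00), "probe"), ((0, 0, 1, 0.10), "probe"),
    ((0, 18, 6, 0.00), "probe"),
]


def gini(labels):
    """Gini impurity of a list of class labels (0.0 means the subset is pure)."""
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values())


def best_split(rows):
    """Return (weighted_gini, feature_index, threshold) of the best test, or None."""
    best = None
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        # Candidate thresholds are midpoints between consecutive observed values.
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [y for x, y in rows if x[f] <= t]
            right = [y for x, y in rows if x[f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if best is None or score < best[0]:
                best = (score, f, t)
    return best


def build(rows, depth=0, max_depth=4):
    """Grow the tree recursively; a leaf is a label, a node is (feature, threshold, left, right)."""
    labels = [y for _, y in rows]
    majority = Counter(labels).most_common(1)[0][0]
    # Stop when the subset is pure or the depth cap is reached.
    if len(set(labels)) == 1 or depth == max_depth:
        return majority
    split = best_split(rows)
    if split is None:  # identical feature vectors with different labels
        return majority
    _, f, t = split
    left = [r for r in rows if r[0][f] <= t]
    right = [r for r in rows if r[0][f] > t]
    return (f, t, build(left, depth + 1, max_depth), build(right, depth + 1, max_depth))


def predict(node, x):
    """Follow the attribute tests from the root until a leaf label is reached."""
    while isinstance(node, tuple):
        f, t, left, right = node
        node = left if x[f] <= t else right
    return node


def rules(node, path=()):
    """Flatten the tree into the readable rule list an analyst can review."""
    if not isinstance(node, tuple):
        return [" and ".join(path) + " -> " + node]
    f, t, left, right = node
    return (rules(left, path + (f"{FEATURES[f]} <= {t:g}",))
            + rules(right, path + (f"{FEATURES[f]} > {t:g}",)))


TREE = build(TRAIN)

if __name__ == "__main__":
    for rule in rules(TREE):
        print(rule)
    print(predict(TREE, (0, 0, 400, 1.0)))  # constructed held-out record
```

Capping the depth at 1 merges the `dos` and `probe` leaves into one majority-class leaf, which shows the trade-off between a smaller tree and per-class detection.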

3.2. Dataset
Machine learning usually works with two datasets: a training dataset and a test dataset.
Evaluation datasets play a critical role in the validation of any IDS approach, as they are used
to evaluate the proposed model’s ability to detect intrusive behavior. Due to privacy issues,
the datasets used for network packet analysis in commercial products are not easily accessible.
There are some publicly available standard datasets such as DARPA, KDD, NSL-KDD, and
ADFA-LD. Existing datasets used for building and comparatively evaluating
IDS are analyzed, including their features and limitations. The most important and tedious
part of setting out with machine learning models is getting reliable data. We use the KDD Cup 1999
data to build predictive models capable of differentiating between intrusions or attacks and
normal connections. It is a standard dataset containing 4898431 instances with 41 attributes.
Each connection is labeled as either normal or as an attack, with exactly one specific attack
type. Each connection record consists of about 100 bytes. Attacks fall into four main groups:
• DOS: denial-of-service
• R2L: unauthorized access from a remote machine
• U2R: unauthorized access to local root privileges
• probing: surveillance and other probing
Each group has various attacks, and there are a total of 21 types of attacks.

3.3. Implementation
We build the IDS using Python and its extensive libraries. The machine learning
algorithms explained here are all present in the scipy library. The growing number of
deep learning frameworks available for this language, including TensorFlow, PyTorch, and Keras,
has recently increased Python's popularity. With its readable syntax and its
ability to be used as a scripting language, Python proves to be powerful and straightforward
both for pre-processing data and for working with data directly. The scikit-learn machine learning
library is built on top of several existing Python packages, namely NumPy, SciPy, and
Matplotlib.

4. OBSERVATIONS AND DISCUSSIONS


The purpose of an intrusion detection system (IDS) is to preserve the confidentiality, integrity,
and availability of a system. Intrusion detection systems detect malicious attacks and categorize
them into corresponding classes. An IDS can be either software or hardware. IDS are evaluated on
the following standard performance measures:

4.1. Performance Metrics


4.1.1. Accuracy
Accuracy is a performance metric that counts the total number of predictions a model gets
right. Accuracy considers True Positives and True Negatives.

Accuracy is the most commonly used performance measure; it is the ratio of correctly predicted
observations to total observations. The higher the accuracy, the better the model. Accuracy
works best for symmetric datasets, where the numbers of false positives and false negatives are
almost the same. Therefore, we have to consider other parameters to evaluate the performance of
the model. Accuracy immediately indicates whether a model is being trained correctly. It does not
give any detailed information regarding its application to the problem. Using accuracy
as the main performance metric does not work well when there is severe class imbalance.
Precision
Precision is the number of True Positives divided by the sum of True Positives
and False Positives. Precision evaluates how precise a model is when predicting positive values.
Precision is the percentage of the results which are correct.


4.1.2. Recall
Recall calculates the percentage of actual positives that a model correctly identified. Recall is
used when false negatives are high. The numerator is the number of true positives, that is, the
number of positives the model correctly identified. The denominator is the sum of the number of
true positives predicted by the model and the number of positives incorrectly predicted as
negative by the model.

4.1.3. F1 Score
The F1 score is the weighted average of Precision and Recall. It therefore takes both false
positives and false negatives into account. It is not as easy to understand as accuracy, but F1 is
usually more useful for an uneven class distribution. Accuracy works better when false positives
and false negatives have similar values. If the values of false positives and false negatives are
very different, it is better to consider both Precision and Recall.

The F1 score is the harmonic mean of Precision and Recall, so it gives a combined view of
these two metrics. It is highest when Precision is equal to Recall.

4.1.4. Auc_Roc Score


The AUC for the ROC can be evaluated using the function roc_auc_score(). Like the roc_curve()
function, it takes both the true outcomes (0, 1) from the test set and the predicted probabilities
for the 1 class. It returns an AUC score between 0.0 and 1.0. The
Area Under the Curve (AUC) measures the ability of a classifier to differentiate between
classes and is used as a summary of the ROC curve. The higher the AUC, the better
the performance of the model.

4.2. Confusion Matrix


A confusion matrix is an N x N matrix for analyzing the performance of a classification model,
where N is the number of target classes. The matrix compares the actual target
values with those predicted by the machine learning model. This gives an overview of how well
the classification model is performing and the types of errors it makes. A confusion matrix
presents counts of the True Positives, False Positives, True Negatives, and False Negatives
produced by a model. Using a confusion matrix, we can get the values needed to calculate the
performance metrics of a model.


Figure 3 Confusion Matrix


• True Positive
• True Negative
• False Positive – Type 1 Error
• False Negative – Type 2 Error

True Positive (TP)

• The predicted value matches the actual value
• The actual value was positive and the model predicted a positive value

True Negative (TN)

• The predicted value matches the actual value
• The actual value was negative and the model predicted a negative value

False Positive (FP) – Type 1 error

• The predicted value was falsely predicted
• The actual value was negative but the model predicted a positive value
• Also known as the Type 1 error

False Negative (FN) – Type 2 error

• The predicted value was falsely predicted
• The actual value was positive but the model predicted a negative value
• Also known as the Type 2 error

Classification Rate (CR) or Accuracy


The CR measures how accurate the IDS is in detecting normal or anomalous traffic behavior.
It represents the percentage of correctly predicted instances among all instances. It
calculates how many observations, both positive and negative, were correctly classified.
The accuracy measures of all the machine learning classifiers are shown below.


Figure 4 Evaluating Accuracy values of different classifiers

Precision and True Positives


Precision is the ratio of the recognized threats to the total threats. True positives are those which
were threats and were correctly identified as threats. Precision tells us how many of the correctly
predicted cases actually turned out to be positive.

True Positive Rate (TPR)


True positive rate is the ratio of the number of correctly predicted attacks to the
total number of attacks. If all intrusions are detected then the TPR is 1, which is extremely rare
for an IDS. True positive rate is also called Detection Rate (DR) or Sensitivity. Recall
tells us how many of the actual positive cases we were able to predict correctly with our model.

Table 1 True positive rate and Precision ratios

ML CLASSIFIER                     TP RATE    PRECISION
NAIVE BAYES                       0.987      0.970
ADABOOST                          0.996      0.964
LOGISTIC REGRESSION               0.996      0.937
DECISION TREE (Proposed Model)    0.994      0.989
KNN                               0.993      0.970

Accuracy examines the fractions of correctly assigned positive and negative classes. If our
problem is highly imbalanced, we get a really high accuracy score by simply predicting that all
observations belong to the majority class.

Table 2 Roc_Auc scores of the Classifiers

ML CLASSIFIER                     ROC_AUC SCORE    ACCURACY
NAIVE BAYES                       0.932            0.965
ADABOOST                          0.923            0.967
LOGISTIC REGRESSION               0.861            0.943
DECISION TREE (Proposed Model)    0.975            0.987
KNN                               0.935            0.970

ROC AUC is generally good at ranking predictions. ROC AUC analyses the true positive rate
(TPR) and the false positive rate (FPR). Table 2 shows the accuracy score alongside the
Roc_Auc score of each classifier.
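
An added example (not the paper's code) that computes the metrics of Sections 4.1 and 4.2 from a binary confusion matrix and shows the class-imbalance effect noted above: a detector that labels every connection normal still reaches 95% accuracy while detecting nothing. The traffic sample, the scores and all function names are constructed for illustration, and ROC AUC is computed with the pairwise-ranking definition rather than by calling roc_auc_score().

```python
from collections import Counter


def confusion(y_true, y_pred):
    """Return (TP, TN, FP, FN); 1 = attack (positive class), 0 = normal."""
    c = Counter(zip(y_true, y_pred))
    return c[(1, 1)], c[(0, 0)], c[(0, 1)], c[(1, 0)]


def _ratio(num, den):
    # A ratio with an empty denominator (e.g. no predicted positives) is reported as 0.0.
    return num / den if den else 0.0


def metrics(y_true, y_pred):
    """Accuracy, precision, recall (TPR), false positive rate and F1 from the counts."""
    tp, tn, fp, fn = confusion(y_true, y_pred)
    precision = _ratio(tp, tp + fp)
    recall = _ratio(tp, tp + fn)  # true positive rate / detection rate
    return {
        "accuracy": _ratio(tp + tn, tp + tn + fp + fn),
        "precision": precision,
        "recall": recall,
        "fpr": _ratio(fp, fp + tn),
        "f1": _ratio(2 * precision * recall, precision + recall),  # harmonic mean
    }


def roc_auc(y_true, scores):
    """Probability that a random attack is scored above a random normal record
    (ties count one half); this equals the area under the ROC curve."""
    pos = [s for y, s in zip(y_true, scores) if y == 1]
    neg = [s for y, s in zip(y_true, scores) if y == 0]
    wins = sum((p > n) + 0.5 * (p == n) for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def constructed_traffic():
    """Constructed, imbalanced sample: 95 normal connections and 5 attacks, with
    the attack score a hypothetical detector assigned to each connection."""
    y_true = [0] * 95 + [1] * 5
    scores = [0.1] * 92 + [0.7] * 3 + [0.9] * 4 + [0.3] * 1
    return y_true, scores


def at_threshold(scores, threshold=0.5):
    """Turn scores into hard labels: 1 (attack) when the score reaches the threshold."""
    return [1 if s >= threshold else 0 for s in scores]


if __name__ == "__main__":
    y, s = constructed_traffic()
    print("always-normal:", metrics(y, [0] * len(y)), "AUC", roc_auc(y, [0.0] * len(y)))
    print("detector     :", metrics(y, at_threshold(s)), "AUC", round(roc_auc(y, s), 4))
```

On this sample the two detectors differ by one point of accuracy (0.95 against 0.96), while recall, F1 and ROC AUC separate them clearly.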


Naive Bayes is supervised learning, so the data is labeled. Naive Bayes is a linear classifier
and is highly accurate when applied to big data. Naive Bayes works only if the decision boundary
is linear, elliptic, or parabolic. Naive Bayes outperforms decision trees in rare occurrences.
Decision trees are convenient to use for a small number of classes. Decision trees are simple
to explain and understand. Decision trees are better at identifying the most significant
dimensions, handling missing values, and dealing with outliers. Although over-fitting is a major
problem with decision trees, it can be avoided by using boosted trees or random forests. In
many situations, boosting or random forests can result in trees outperforming either Bayes or
K-NN. Unlike Bayes and K-NN, decision trees can work directly from a table of data without any
prior design work. Bayes can perform quite well, and it doesn't over-fit nearly as much,
so there is no need to prune or process the network. The figure below shows the graphical
representation of decision tree and naive Bayes.

Figure 5 Performance evaluation of naive bayes and decision tree classifier


Decision trees are very flexible, easy to understand, and easy to troubleshoot. They are used for
both classification problems and regression problems [14]. Decision trees handle both
categorical and continuous values. Naive Bayes is used a lot in robotics and
computer vision, and does quite well with those tasks. Decision trees perform very poorly in
those situations.

5. CONCLUSIONS
With the rapid growth of machine learning technologies, this paper has discussed how the
decision tree is applicable to intrusion detection systems. Evaluating various performance
metrics shows that the decision tree performs well compared with other classifiers. An IDS should
provide the most effective solutions based on the requirements. Here we discussed the accuracy,
precision, recall, F1 score, and AUC-ROC score of the classifiers. Based on these evaluation
metrics we can conclude that the decision tree performs well as an intrusion detector. Machine
learning is a field that is continuously being innovated, so it is important to keep in mind that
algorithms, methods, and approaches will continue to change.

REFERENCES
[1] Ajeesha M I, Dr. D Francis Xavier Christopher, Supervised Machine Learning Techniques For
Intrusion Detection, 2019 IJRAR June 2019, Volume 6, Issue 2
[2] An Introduction to Machine Learning | DigitalOcean
[3] B Ida Seraphim, Shreya Palit, Kaustubh Srivastava, E Poovammal, Implementation of Machine
Learning Techniques applied to the Network Intrusion Detection System, International Journal
of Engineering and Advanced Technology (IJEAT), ISSN: 2249-8958, Volume-8 Issue-5, June
2019.
[4] Dr. Poornima Nataraja, Bharathi Ramesh, Machine Learning Algorithms For Heterogeneous
Data: A Comparative Study, International Journal of Computer Engineering & Technology
(IJCET) Volume 10, Issue 3, May-June 2019
[5] Evaluation of Machine Learning Algorithms for Intrusion Detection System | by Cuelogic
Technologies | Cuelogic Technologies | Medium
[6] Harsh H. Patel, Purvi Prajapati, Study and Analysis of Decision Tree Based Classification
Algorithms, International Journal of Computer Sciences and Engineering.
[7] HUSPI, Quick Introduction to Machine Learning Algorithms for Beginners.
[8] Idan Amit, John Matherly, Machine Learning in Cyber-Security - Problems, Challenges and
Data Sets.
[9] Iqbal H. Sarker, Yoosef B. Abushark, IntruDTree: A Machine Learning Based Cyber Security
Intrusion Detection Model, Symmetry 2020, 12, 754; doi:10.3390/sym12050754
[10] jakubczakon, F1 Score vs ROC AUC vs Accuracy vs PR AUC: Which Evaluation Metric Should
You Choose?, neptune-ai/blog-binary-classification-metrics
[11] Jesse Davis, Mark Goadrich, The Relationship Between Precision-Recall and ROC Curves,
Appearing in Proceedings of the 23rd International Conference on Machine Learning,
Pittsburgh, PA, 2006.
[12] Machine learning Algorithms. Introduction | by Mohammad Daoud | Medium
[13] Mohammed Tabash, Mohamed Abd Allah, and Bella Tawfik, Intrusion Detection Model Using
Naive Bayes and Deep Learning Technique, The International Arab Journal of Information
Technology, Vol. 17, No. 2, March 2020.
[14] Nahla Ben Amor, Salem Benferhat, Zied Elouedi, Naive Bayes vs Decision Trees in Intrusion
Detection Systems, 2004 ACM Symposium on Applied Computing.
[15] Richard Power. 1999 CSI/FBI computer crime and security survey. Computer Security Journal,
Volume XV (2), 1999.
[16] Sarika Choudharya, Nishtha Kesswani, Analysis of KDD-Cup’99, NSL-KDD and UNSW-NB15
Datasets using Deep Learning in IoT, International Conference on Computational Intelligence
and Data Science (ICCIDS 2019)
[17] Souhail Meftah, Tajjeeddine Rachidi and Nasser Assem, Network Based Intrusion Detection
Using the UNSW-NB15 Dataset, International Journal of Computing and Digital Systems, ISSN
(2210-142X)
[18] Tahir Mehmood and Helmi B Md Rais, Machine Learning Algorithms In Context Of Intrusion
Detection, 2016 3rd International Conference On Computer And Information Sciences
(ICCOINS)
[19] Wenjuan Lian, Guoqing Nie, Bin Ji, An Intrusion Detection Method Based on Decision Tree-
Recursive Feature Elimination in Ensemble Learning, Hindawi, Volume 2020, Article ID
2835023.
[20] What Is Machine Learning? How It Works, Techniques & Applications - MATLAB & Simulink
(mathworks.com)
[21] Yogendra Kumar Jain and Upendra, An efficient intrusion detection based on decision tree
classifier using feature reduction, International journal of scientific and research publications,
Volume 2, Issue 2, January 2012.
[22] Zeeshan Ahmad, Adnan Shahid Khan, Cheah Wai Shiang, Network intrusion detection system:
A systematic study of machine learning and deep learning approaches, DOI: 10.1002/ett.4150
