Computer security, also known as cyber security, is the protection of information systems from theft, destruction, and misuse of computer hardware, software, data, and the services they deliver. In general, machine learning is the field of study that gives a computer system the ability to learn without being explicitly programmed. Anomaly-based Intrusion Detection Systems (IDS) often experience high false alarm rates (FAR). Although researchers have used many different mechanisms to protect systems from high false alarm rates and low detection rates, the challenge of reducing false alarms while achieving a high detection rate remains, and therefore a new approach needs to be applied. The objective of this study is to specify a network traffic technique to distinguish normal traffic from abnormal (attack) traffic, and to use a specific algorithm to reduce the high false alarm rate (FAR). The dataset used in this study is NSL-KDD, with the data divided into two parts: 60% for training and 40% for testing. The results show that the decision tree (DT) algorithm achieved a high detection rate (DR) and a low false alarm rate (FAR) in comparison with other machine learning algorithms. The study achieved a detection rate of about 99.7% for random tree and about 99.8% for J48, but about 86.8% for naïve Bayes. The false alarm rate was about 0.2% for random tree and about 0.3% for J48, but about 6% for naïve Bayes. We therefore conclude that the decision tree algorithm achieves a high detection rate (DR) and a low false alarm rate (FAR) compared to other machine learning algorithms.
Key words: Decision Tree Algorithm; NSL-KDD dataset; Anomaly Detection