Unveiling the Performance Insights: Benchmarking Anomaly-Based Intrusion Detection Systems Using Decision Tree Family Algorithms on the CICIDS2017 Dataset

  • Conference paper
Business Intelligence (CBI 2023)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 484)

Abstract

The continuous growth of computer networks and the internet has brought attention to the increasing potential damage caused by attacks. Intrusion Detection Systems (IDSs) have emerged as crucial defense tools against the rising frequency and sophistication of network attacks. However, effectively detecting new attacks using machine-learning approaches in intrusion detection systems presents challenges.

This study focuses on the CICIDS2017 dataset, which is one of the most recent and updated IDS datasets publicly available. The CICIDS2017 dataset contains benign network flows as well as flows from seven common attacks, meeting real-world criteria and providing true network traffic data. Furthermore, the CICIDS2017 dataset presents challenges when it comes to measuring the performance of a comprehensive set of machine learning algorithms in order to identify the optimal pattern set for detecting specific attack categories.

This paper contributes to the field of intrusion detection systems by benchmarking the decision tree family. In our study, XGBoost achieves the highest accuracy of 99%, followed by Random Forest with 98%, Gradient Boosting Trees with 88%, and Decision Tree with 89%.

Overall, this research provides valuable insights into the performance of the decision tree family and feature selection methods, paving the way for the advancement of more reliable and efficient intrusion detection systems.

Correspondence to Mohamed Azalmad.

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Azalmad, M., El Ayachi, R., Biniz, M. (2023). Unveiling the Performance Insights: Benchmarking Anomaly-Based Intrusion Detection Systems Using Decision Tree Family Algorithms on the CICIDS2017 Dataset. In: El Ayachi, R., Fakir, M., Baslam, M. (eds) Business Intelligence. CBI 2023. Lecture Notes in Business Information Processing, vol 484. Springer, Cham. https://doi.org/10.1007/978-3-031-37872-0_15

  • DOI: https://doi.org/10.1007/978-3-031-37872-0_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-37871-3

  • Online ISBN: 978-3-031-37872-0

  • eBook Packages: Computer Science, Computer Science (R0)
