Skip to main content
Springer Nature Link
Log in

Intrusion detection system model: a white-box decision tree with feature selection optimization

  • Original Article
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

Intrusion detection has been an active development area due to its importance in highly digitally connected ecosystems. Most of the existing developments have focused on the use of complex machine learning models that are black-box in nature. There is an urgent need to investigate a more transparent model approach for determining the features associated with intrusion detection. In this paper, a feature selection is proposed for a decision tree (DT)-based classifier. In particular, a stochastic optimization technique based on differential evolution (DE) is used to create the DT for optimizing feature selection. The contribution of this paper is twofold. First, a white-box machine learning model using DT is implemented. Second, an optimal feature reduction approach is embedded in the process of building the DT. The results demonstrate an improvement over the non-feature selection approach and the black-box neural network and are comparable to other state-of-the-art models. This shows that it is possible to achieve high performance despite using a minimal transparent model by eliminating non-contributing features. This is the essence of Occam’s razor principle, which states that a more condensed model contributes to better generalization. There is an evident improvement in the generalization of the DT model after optimization of features. Despite often being associated with a weaker machine learning model, the results show comparative results on independent datasets, indicating the suitability for such a task. It is worth mentioning that the final model only utilizes a fraction of the full feature set. Although the generalization performance only improved less than 1% in comparison with the non-feature selection counterpart, the proposed approach suggests that a condensed model yielding a similar performing model should be considered.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

Data availibility

All datasets used in this paper are publicly available.

Notes

  1. https://www.kaggle.com/datasets/hassan06/nslkdd/data

  2. https://towardsdatascience.com/a-deeper-dive-into-the-nslkdd-data-set-15c753364657

  3. https://www.unsw.adfa.edu.au/unsw-canberra-cyber/cybersecurity/ADFA-NB15-Datasets/

References

  1. Homoliak I, Toffalini F, Guarnizo J, Elovici Y, Ochoa M (2019) Insight into insiders and it: a survey of insider threat taxonomies, analysis, modeling, and countermeasures. ACM Comput Surv 52(2):1–40

    Article  Google Scholar 

  2. Olawale OP, Ebadinezhad S (2023) The detection of abnormal behavior in healthcare iot using ids, cnn, and svm. In: Shakya S, Papakostas G, Kamel KA (eds) Mobile computing and sustainable informatics. Springer, Singapore, pp 375–394

    Chapter  MATH  Google Scholar 

  3. He K, Kim DD, Asghar MR (2023) Adversarial machine learning for network intrusion detection systems: a comprehensive survey. IEEE Commun Surv Tutor 25(1):538–566

    Article  MATH  Google Scholar 

  4. Dini P, Elhanashi A, Begni A, Saponara S, Zheng Q, Gasmi K (2023) Overview on intrusion detection systems design exploiting machine learning for networking cybersecurity. Appl Sci 13(13):7507

    Article  MATH  Google Scholar 

  5. Thakkar A, Lohiya R (2023) A review on challenges and future research directions for machine learning-based intrusion detection system. Archiv Comput Methods Eng 30(7):4245–4269

    Article  MATH  Google Scholar 

  6. Kumar SVNS, Selvi M (2023) Kannan A (2023) A comprehensive survey on machine learning-based intrusion detection systems for secure communication in internet of things. Comput Intell Neurosci 1:8981988

    Article  Google Scholar 

  7. Martins T, Almeida AM, Cardoso E, Nunes L (2024) Explainable artificial intelligence (xai): a systematic literature review on taxonomies and applications in finance. IEEE Access 12:618–629

    Article  Google Scholar 

  8. Tjoa E, Guan C (2021) A survey on explainable artificial intelligence (xai): toward medical xai. IEEE Trans Neural Netw Learn Syst 32(11):4793–4813

    Article  MATH  Google Scholar 

  9. Loyola-González O (2019) Black-box vs. white-box: understanding their advantages and weaknesses from a practical point of view. IEEE Access 7:154096–154113

    Article  Google Scholar 

  10. Gawantka F, Schulz A, Lässig J, Just F (2022) Skilldb - an evaluation on the stability of xai algorithms for a hr decision support system and the legal context. In: 2022 IEEE 21st international conference on cognitive informatics & cognitive computing (ICCI*CC), pp. 183–190

  11. Pisirir E, Wohlgemut JM, Kyrimi E, Stoner RS, Perkins ZB, Tai NRM, Marsh DWR (2023) A process for evaluating explanations for transparent and trustworthy ai prediction models. In: 2023 IEEE 11th international conference on healthcare informatics (ICHI), pp. 388–397

  12. Zhang Q, Hall M, Johansen M, Galetic V, Grange J, Quintana-Amate S, Nottle A, Jones DM, Morgan PL (2022) Towards an integrated evaluation framework for xai: an experimental study. Proce Comput Sci 207:3884–3893

    Article  Google Scholar 

  13. Ali S, Abuhmed T, El-Sappagh S, Muhammad K, Alonso-Moral JM, Confalonieri R, Guidotti R, Del Ser J, Diaz-Rodriguez N, Herrera F (2023) Explainable artificial intelligence (xai): what we know and what is left to attain trustworthy artificial intelligence. Inf Fusion 99:101805

    Article  Google Scholar 

  14. Rudin C (2019) Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead. Nat Mach Intell 1(a5):206–215

    Article  MATH  Google Scholar 

  15. Patil S, Varadarajan V, Mazhar SM, Sahibzada A, Ahmed N, Sinha O, Kumar S, Shaw K, Kotecha K (2022) Explainable artificial intelligence for intrusion detection system. Electronics 11(19):3079

    Article  Google Scholar 

  16. Zhang L, Yan H, Zhu Q (2020) An improved lstm network intrusion detection method. In: 2020 IEEE 6th international conference on computer and communications (ICCC), pp. 1765–1769

  17. Hadri A, Chougdali K, Touahni R (2020) Fuzzy l2,p-norm based pca for intrusion detection system. In: 2020 IEEE 2nd international conference on electronics, control, optimization and computer science (ICECOCS), pp. 1–6

  18. Shi X, Cai Y, Yang Y (2020) Extreme trees network intrusion detection framework based on ensemble learning. In: 2020 IEEE international conference on advances in electrical engineering and computer applications( AEECA), pp. 91–95

  19. Ingre B, Yadav A (2015) Performance analysis of nsl-kdd dataset using ann. In: 2015 international conference on signal processing and communication engineering systems, 92–96

  20. Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the kdd cup 99 data set. In: 2009 IEEE symposium on computational itelligence for security and defense applications, pp. 1–6

  21. Stolfo SJ, Fan W, Lee W, Prodromidis A, Chan PK (2000) Cost-based modeling for fraud and intrusion detection: Results from the jam project. In: Proceedings DARPA information survivability conference and exposition. DISCEX’00, 2, 130–144

  22. Divekar A, Parekh M, Savla V, Mishra R, Shirole M (2018) Benchmarking datasets for anomaly-based network intrusion detection: Kdd cup 99 alternatives. In: 2018 IEEE 3rd international conference on computing, communication and security (ICCCS), pp. 1–8

  23. Sujatha G, Kanchhal Y, George G (2022) An advanced approach for detection of distributed denial of service (ddos) attacks using machine learning techniques. In: 2022 3rd international conference on smart electronics and communication (ICOSEC), pp. 821–827

  24. Bahl S, Sharma SK (2015) Detection rate analysis for user to root attack class using correlation feature selection. In: International conference on computing, communication and automation, pp. 66–71

  25. Shoji N, Sugawara T, Iwamoto M, Sakiyama K (2019) An abstraction model for 1-bit probing attack on block ciphers. In: 2019 IEEE 4th international conference on computer and communication systems (ICCCS), pp. 502–506

  26. Meena G, Choudhary RR (2017) A review paper on ids classification using kdd 99 and nsl kdd dataset in weka. In: 2017 international conference on computer, communications and electronics (Comptelix), pp. 553–558

  27. Al Tobi AM, Duncan I (2018) Kdd 1999 generation faults: a review and analysis. J Cyber Sec Technol 2(3–4):164–200

    Article  MATH  Google Scholar 

  28. Bae C, Yeh W-C, Shukran M, Chung YY, Hsieh T-J (2012) A novel anomaly-network intrusion detection system using abc algorithms. Int J Innov Comput Inf Control 8(12):8231–8248

    Google Scholar 

  29. Ji H, Kim D, Shin D, Shin D (2018) A study on comparison of kdd cup 99 and nsl-kdd using artificial neural network. In: Park JJ, Loia V, Yi G, Sung Y (eds) Advances in computer science and ubiquitous computing. Springer, Singapore, pp 452–457

    Chapter  MATH  Google Scholar 

  30. Moustafa N, Slay J (2015) Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 military communications and information systems conference (MilCIS), pp. 1–6

  31. Das S, Suganthan PN (2011) Differential evolution: a survey of the state-of-the-art. IEEE Trans Evolut Comput 15(1):4–31

    Article  MATH  Google Scholar 

  32. Huang Z, Chen Y (2013) An improved differential evolution algorithm based on adaptive parameter. J Control Sci Eng 2013:462706

    Article  MATH  Google Scholar 

  33. Tangi SD, Kumar P, Bewoor MS (2021) A novel mechanism for development of intrusion detection system with bpnn. In: 2021 IEEE 8th Uttar Pradesh section international conference on electrical, electronics and computer engineering (UPCON), pp. 1–7

  34. Lin Z (2021) Network intrusion detection based of semi-supervised ensemble learning algorithm for imbalanced data. In: 2021 international conference on networking and network applications (NaNA), pp. 338–344

  35. Singh K, Mathai KJ (2019) Performance comparison of intrusion detection system between deep belief network (dbn) algorithm and state preserving extreme learning machine (spelm) algorithm. In: 2019 IEEE international conference on electrical, computer and communication technologies (ICECCT), pp. 1–7

  36. Gurung S, Ghose MK, Subedi A (2019) Deep learning approach on network intrusion detection system using nsl-kdd dataset. Int J Comput Netw Inf Sec 11(3):8–14

    MATH  Google Scholar 

  37. Su T, Sun H, Zhu J, Wang S, Li Y (2020) Bat: deep learning methods on network intrusion detection using nsl-kdd dataset. IEEE Access 8:29575–29585

    Article  MATH  Google Scholar 

  38. Ingre B, Yadav A, Soni AK (2018) Decision tree based intrusion detection system for nsl-kdd dataset. In: Information and communication technology for intelligent systems (ICTIS 2017)-Volume 2 2, pp. 207–218

  39. Bajaj K, Arora A (2013) Improving the intrusion detection using discriminative machine learning approach and improve the time complexity by data mining feature selection methods. Int J Comput Appl 76(1):5–11

    MATH  Google Scholar 

  40. Kabir MH, Rajib MS, Rahman ASMT, Rahman MM, Dey SK (2022) Network intrusion detection using unsw-nb15 dataset: Stacking machine learning based approach. In: 2022 international conference on advancement in electrical and electronic engineering (ICAEEE), pp. 1–6

  41. Yin Y, Jang-Jaccard J, Xu W, Singh A, Zhu J, Sabrina F, Kwak J (2023) Igrf-rfe: a hybrid feature selection method for mlp-based network intrusion detection on unsw-nb15 dataset. J Big Data 10(1):15

    Article  Google Scholar 

  42. Vibhute AD, Khan M, Patil CH, Gaikwad SV, Mane AV, Patel KK (2024) Network anomaly detection and performance evaluation of convolutional neural networks on unsw-nb15 dataset. Procedia computer science 235, 2227–2236. International conference on machine learning and data engineering (ICMLDE 2023)

  43. Kushwaha P, Buckchash H, Raman B (2017) Anomaly based intrusion detection using filter based feature selection on kdd-cup 99. In: TENCON 2017 - 2017 IEEE Region 10 Conference, pp. 839–844

Download references

Funding

The authors would like to acknowledge the financial support received from Curtin University under the Cybersecurity Cross-Campus Seed Grant 2022, with cost centre number: 100049.

Author information

Authors and Affiliations

  1. IoT Research Group, Curtin University Malaysia, CDT 250, Miri, 98009, Sarawak, Malaysia

    W. K. Wong

  2. Department of Electrical and Electronic Engineering, Xi’an Jiaotong - Liverpool University, Suzhou, 215123, Jiangsu, China

    Filbert H. Juwono

  3. Department of Electrical and Computer Engineering, Curtin University Malaysia, CDT 250, Miri, 98009, Sarawak, Malaysia

    Sivaraman Eswaran & Foad Motelebi

Authors
  1. W. K. Wong
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Filbert H. Juwono
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Sivaraman Eswaran
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Foad Motelebi
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to W. K. Wong.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Appendix A Selected Decision Tree

Appendix A Selected Decision Tree

The selected best decision tree is shown as follows. Class = 0 denotes the normal operation while Class = 1 denotes an attack. Further, \(x_1-x_{41}\) denote the selected features. The decision tree contains 289 decision nodes.

Decision Tree Algorithm

  1. 1.

    if \(x_5<32.5\) then node 2 elseif \(x_5>=32.5\) then node 3

  2. 2.

    if \(x_2<1.5\) then node 4 elseif \(x_2>=1.5\) then node 5

  3. 3.

    if \(x_5<1007\) then node 6 elseif \(x_5>=1007\) then node 7

  4. 4.

    if \(x_{29}<0.96\) then node 8 elseif \(x_{29}>=0.96\) then node 9

  5. 5.

    if \(x_5<21\) then node 10 elseif \(x_5>=21\) then node 11

  6. 6.

    if \(x_3<2.5\) then node 12 elseif \(x_3>=2.5\) then node 13

  7. 7.

    if \(x_{34}<0.885\) then node 14 elseif \(x_{34}>=0.885\) then node 15

  8. 8.

    if \(x_6<68.5\) then node 16 elseif \(x_6>=68.5\) then node 17

  9. 9.

    if \(x_{34}<0.115\) then node 18 elseif \(x_{34}>=0.115\) then node 19

  10. 10.

    if \(x_{24}<1.5\) then node 20 elseif \(x_{24}>=1.5\) then node 21 else

  11. 11.

    if \(x_{34}<0.075\) then node 22 elseif \(x_{34}>=0.075\) then node 23

  12. 12.

    if \(x_{24}<6.5\) then node 24 elseif \(x_{24}>=6.5\) then node 25

  13. 13.

    if \(x_5<87\) then node 26 elseif \(x_5>=87\) then node 27

  14. 14.

    if \(x_6<302\) then node 28 elseif \(x_6>=302\) then node 29

  15. 15.

    if \(x_{24}<4.5\) then node 30 elseif \(x_{24}>=4.5\) then node 31

  16. 16.

    if \(x_1<2.5\) then node 32 elseif \(x_1>=2.5\) then node 33

  17. 17.

    if \(x_6<90\) then node 34 elseif \(x_6>=90\) then node 35

  18. 18.

    if \(x_5<1.5\) then node 36 elseif \(x_5>=1.5\) then node 37

  19. 19.

    if \(x_1<1.5\) then node 38 elseif \(x_1>=1.5\) then node 39

  20. 20.

    if \(x_6<9\) then node 40 elseif \(x_6>=9\) then node 41

  21. 21.

    if \(x_2<2.5\) then node 42 elseif \(x_2>=2.5\) then node 43

  22. 22.

    if \(x_5<29\) then node 44 elseif \(x_5>=29\) then node 45

  23. 23.

    if \(x_3<1.5\) then node 46 elseif \(x_3>=1.5\) then node 47

  24. 24.

    if \(x_5<166.5\) then node 48 elseif \(x_5>=166.5\) then node 49

  25. 25.

    if \(x_2<2.5\) then node 50 elseif \(x_2>=2.5\) then node 51

  26. 26.

    class = 0

  27. 27.

    class = 1

  28. 28.

    if \(x_1<0.5\) then node 52 elseif \(x_1>=0.5\) then node 53

  29. 29.

    if \(x_6<3138.5\) then node 54 elseif \(x_6>=3138.5\) then node 55

  30. 30.

    if \(x_5<2489.5\) then node 56 elseif \(x_5>=2489.5\) then node 57

  31. 31.

    if \(x_3<0.5\) then node 58 elseif \(x_3>=0.5\) then node 59

  32. 32.

    if \(x_{26}<0.325\) then node 60 elseif \(x_{26}>=0.325\) then node 61

  33. 33.

    if \(x_3<1\) then node 62 elseif \(x_3>=1\) then node 63

  34. 34.

    if \(x_5<7.5\) then node 64 elseif \(x_5>=7.5\) then node 65

  35. 35.

    class = 0

  36. 36.

    if \(x_3<2.5\) then node 66 elseif \(x_3>=2.5\) then node 67

  37. 37.

    if \(x_5<23\) then node 68 elseif \(x_5>=23\) then node 69

  38. 38.

    if \(x_6<65.5\) then node 70 elseif \(x_6>=65.5\) then node 71

  39. 39.

    if \(x_1<23466.5\) then node 72 elseif \(x_1>=23466.5\) then node 73

  40. 40.

    if \(x_{29}<0.105\) then node 74 elseif \(x_{29}>=0.105\) then node 75

  41. 41.

    class = 1

  42. 42.

    if \(x_{24}<2.5\) then node 76 elseif \(x_{24}>=2.5\) then node 77

  43. 43.

    class = 0

  44. 44.

    if \(x_{24}<4.5\) then node 78 elseif \(x_{24}>=4.5\) then node 79

  45. 45.

    class = 1

  46. 46.

    class = 1

  47. 47.

    if \(x_{24}<70\) then node 80 elseif \(x_{24}>=70\) then node 81

  48. 48.

    if \(x_5<115.5\) then node 82 elseif \(x_5>=115.5\) then node 83

  49. 49.

    if \(x_{17}<1\) then node 84 elseif \(x_{17}>=1\) then node 85

  50. 50.

    if \(x_5<172.5\) then node 86 elseif \(x_5>=172.5\) then node 87

  51. 51.

    class = 0

  52. 52.

    if \(x_3<0.5\) then node 88 elseif \(x_3>=0.5\) then node 89

  53. 53.

    if \(x_{24}<3.5\) then node 90 elseif \(x_{24}>=3.5\) then node 91

  54. 54.

    if \(x_{16}<0.5\) then node 92 elseif \(x_{16}>=0.5\) then node 93

  55. 55.

    if \(x_1<2575.5\) then node 94 elseif \(x_1>=2575.5\) then node 95

  56. 56.

    if \(x_6<112\) then node 96 elseif \(x_6>=112\) then node 97

  57. 57.

    if \(x_2<2\) then node 98 elseif \(x_2>=2\) then node 99

  58. 58.

    class = 1

  59. 59.

    if \(x_6<67030.5\) then node 100 elseif \(x_6>=67030.5\) then node 101

  60. 60.

    class = 0

  61. 61.

    class = 0

  62. 62.

    class = 0

  63. 63.

    class = 1

  64. 64.

    class = 1

  65. 65.

    class = 0

  66. 66.

    if \(x_{34}<0.005\) then node 102 elseif \(x_{34}>=0.005\) then node 103

  67. 67.

    if \(x_{24}<4.5\) then node 104 elseif \(x_{24}>=4.5\) then node 105

  68. 68.

    if \(x_6<35.5\) then node 106 elseif \(x_6>=35.5\) then node 107

  69. 69.

    class = 0

  70. 70.

    if \(x_5<16.5\) then node 108 elseif \(x_5>=16.5\) then node 109

  71. 71.

    if \(x_5<12\) then node 110 elseif \(x_5>=12\) then node 111

  72. 72.

    class = 0

  73. 73.

    class = 1

  74. 74.

    class = 0

  75. 75.

    if \(x_{29}<0.145\) then node 112 elseif \(x_{29}>=0.145\) then node 113

  76. 76.

    class = 1

  77. 77.

    if \(x_{24}<9.5\) then node 114 elseif \(x_{24}>=9.5\) then node 115

  78. 78.

    class = 0

  79. 79.

    class = 1

  80. 80.

    if \(x_{24}<66\) then node 116 elseif \(x_{24}>=66\) then node 117

  81. 81.

    class = 1

  82. 82.

    if \(x_3<1.5\) then node 118 elseif \(x_3>=1.5\) then node 119

  83. 83.

    if \(x_6<125.5\) then node 120 elseif \(x_6>=125.5\) then node 121

  84. 84.

    if \(x_{41}<0.26\) then node 122 elseif \(x_{41}>=0.26\) then node 123

  85. 85.

    class = 0

  86. 86.

    if \(x_6<17\) then node 124 elseif \(x_6>=17\) then node 125

  87. 87.

    class = 1

  88. 88.

    if \(x_{24}<1.5\) then node 126 elseif \(x_{24}>=1.5\) then node 127

  89. 89.

    if \(x_5<1256\) then node 128 elseif \(x_5>=1256\) then node 129

  90. 90.

    if \(x_5<2.08529e+06\) then node 130 elseif \(x_5>=2.08529e+06\) then node 131

  91. 91.

    class = 1

  92. 92.

    class = 1

  93. 93.

    class = 0

  94. 94.

    if \(x_{10}<22.5\) then node 132 elseif \(x_{10}>=22.5\) then node 133

  95. 95.

    class = 1

  96. 96.

    if \(x_{24}<3.5\) then node 134 elseif \(x_{24}>=3.5\) then node 135

  97. 97.

    class = 1

  98. 98.

    if \(x_{41}<0.105\) then node 136 elseif \(x_{41}>=0.105\) then node 137

  99. 99.

    class = 1

  100. 100.

    if \(x_6<137\) then node 138 elseif \(x_6>=137\) then node 139

  101. 101.

    class = 1

  102. 102.

    if \(x_3<1\) then node 140 elseif \(x_3>=1\) then node 141

  103. 103.

    if \(x_{34}<0.025\) then node 142 elseif \(x_{34}>=0.025\) then node 143

  104. 104.

    if \(x_{34}<0.01\) then node 144 elseif \(x_{34}>=0.01\) then node 145

  105. 105.

    class = 0

  106. 106.

    if \(x_5<14\) then node 146 elseif \(x_5>=14\) then node 147

  107. 107.

    if \(x_{24}<2.5\) then node 148 elseif \(x_{24}>=2.5\) then node 149

  108. 108.

    if \(x_{26}<0.01\) then node 150 elseif \(x_{26}>=0.01\) then node 151

  109. 109.

    class = 1

  110. 110.

    if \(x_6<2792.5\) then node 152 elseif \(x_6>=2792.5\) then node 153

  111. 111.

    class = 0

  112. 112.

    class = 1

  113. 113.

    class = 0

  114. 114.

    if \(x_{34}<0.035\) then node 154 elseif \(x_{34}>=0.035\) then node 155

  115. 115.

    class = 1

  116. 116.

    class = 1

  117. 117.

    class = 0

  118. 118.

    if \(x_{29}<0.225\) then node 156 elseif \(x_{29}>=0.225\) then node 157

  119. 119.

    if \(x_5<73.5\) then node 158 elseif \(x_5>=73.5\) then node 159

  120. 120.

    if \(x_{34}<0.055\) then node 160 elseif \(x_{34}>=0.055\) then node 161

  121. 121.

    if \(x_6<4498\) then node 162 elseif \(x_6>=4498\) then node 163

  122. 122.

    if \(x_2<1.5\) then node 164 elseif \(x_2>=1.5\) then node 165

  123. 123.

    if \(x_6<2868\) then node 166 elseif \(x_6>=2868\) then node 167

  124. 124.

    if \(x_3<1\) then node 168 elseif \(x_3>=1\) then node 169

  125. 125.

    class = 1

  126. 126.

    if \(x_{41}<0.405\) then node 170 elseif \(x_{41}>=0.405\) then node 171

  127. 127.

    class = 1

  128. 128.

    class = 0

  129. 129.

    if \(x_{24}<3.5\) then node 172 elseif \(x_{24}>=3.5\) then node 173

  130. 130.

    if \(x_5<3914\) then node 174 elseif \(x_5>=3914\) then node 175

  131. 131.

    class = 1

  132. 132.

    if \(x_1<4.5\) then node 176 elseif \(x_1>=4.5\) then node 177

  133. 133.

    class = 1

  134. 134.

    class = 0

  135. 135.

    class = 1

  136. 136.

    if \(x_{34}<0.915\) then node 178 elseif \(x_{34}>=0.915\) then node 179

  137. 137.

    class = 1

  138. 138.

    class = 0

  139. 139.

    if \(x_{10}<0.5\) then node 180 elseif \(x_{10}>=0.5\) then node 181

  140. 140.

    if \(x_{26}<0.5\) then node 182 elseif \(x_{26}>=0.5\) then node 183

  141. 141.

    class = 0

  142. 142.

    if \(x_{41}<0.465\) then node 184 elseif \(x_{41}>=0.465\) then node 185

  143. 143.

    class = 0

  144. 144.

    class = 0

  145. 145.

    class = 1

  146. 146.

    if \(x_5<11.5\) then node 186 elseif \(x_5>=11.5\) then node 187

  147. 147.

    class = 1

  148. 148.

    class = 1

  149. 149.

    class = 0

  150. 150.

    if \(x_3<1.5\) then node 188 elseif \(x_3>=1.5\) then node 189

  151. 151.

    class = 0

  152. 152.

    class = 1

  153. 153.

    class = 0

  154. 154.

    class = 1

  155. 155.

    if \(x_{29}<0.215\) then node 190 elseif \(x_{29}>=0.215\) then node 191

  156. 156.

    class = 0

  157. 157.

    if \(x_{10}<0.5\) then node 192 elseif \(x_{10}>=0.5\) then node 193

  158. 158.

    if \(x_6<54.5\) then node 194 elseif \(x_6>=54.5\) then node 195

  159. 159.

    if \(x_6<52.5\) then node 196 elseif \(x_6>=52.5\) then node 197

  160. 160.

    class = 1

  161. 161.

    if \(x_5<148.5\) then node 198 elseif \(x_5>=148.5\) then node 199

  162. 162.

    if \(x_1<1325.5\) then node 200 elseif \(x_1>=1325.5\) then node 201

  163. 163.

    class = 1

  164. 164.

    if \(x_{16}<0.5\) then node 202 elseif \(x_{16}>=0.5\) then node 203

  165. 165.

    class = 0

  166. 166.

    class = 0

  167. 167.

    if \(x_1<19\) then node 204 elseif \(x1>=19\) then node 205

  168. 168.

    class = 1

  169. 169.

    class = 0

  170. 170.

    if \(x_5<108420\) then node 206 elseif \(x_5>=108420\) then node 207

  171. 171.

    class = 0

  172. 172.

    if \(x_5<3944\) then node 208 elseif \(x_5>=3944\) then node 209

  173. 173.

    class = 1

  174. 174.

    class = 0

  175. 175.

    if \(x_1<6\) then node 210 elseif \(x_1>=6\) then node 211

  176. 176.

    class = 1

  177. 177.

    class = 0

  178. 178.

    if \(x_5<20910\) then node 212 elseif \(x_5>=20910\) then node 213

  179. 179.

    if \(x_5<7704\) then node 214 elseif \(x_5>=7704\) then node 215

  180. 180.

    class = 1

  181. 181.

    class = 0

  182. 182.

    class = 1

  183. 183.

    class = 0

  184. 184.

    class = 0

  185. 185.

    if \(x_{41}<0.54\) then node 216 elseif \(x_{41}>=0.54\) then node 217

  186. 186.

    class = 1

  187. 187.

    class = 0

  188. 188.

    if \(x_{41}<0.11\) then node 218 elseif \(x_{41}>=0.11\) then node 219

  189. 189.

    class = 1

  190. 190.

    class = 1

  191. 191.

    class = 0

  192. 192.

    if \(x_{41}<0.16\) then node 220 elseif \(x_{41}>=0.16\) then node 221

  193. 193.

    class = 0

  194. 194.

    class = 0

  195. 195.

    class = 1

  196. 196.

    class = 1

  197. 197.

    if \(x_{24}<2.5\) then node 222 elseif \(x_{24}>=2.5\) then node 223

  198. 198.

    class = 0

  199. 199.

    class = 1

  200. 200.

    if \(x_6<502.5\) then node 224 elseif \(x_6>=502.5\) then node 225

  201. 201.

    class = 1

  202. 202.

    if \(x_{21}<0.5\) then node 226 elseif \(x_{21}>=0.5\) then node 227

  203. 203.

    class = 0

  204. 204.

    class = 0

  205. 205.

    class = 1

  206. 206.

    if \(x_{34}<0.015\) then node 228 elseif \(x_{34}>=0.015\) then node 229

  207. 207.

    class = 1

  208. 208.

    class = 0

  209. 209.

    class = 1

  210. 210.

    class = 1

  211. 211.

    class = 0

  212. 212.

    if \(x_5<2810.5\) then node 230 elseif \(x_5>=2810.5\) then node 231

  213. 213.

    class = 0

  214. 214.

    if \(x_5<3585\) then node 232 elseif \(x_5>=3585\) then node 233

  215. 215.

    class = 0

  216. 216.

    class = 1

  217. 217.

    class = 0

  218. 218.

    if \(x_5<11.5\) then node 234 elseif \(x_5>=11.5\) then node 235

  219. 219.

    class = 0

  220. 220.

    if \(x_6<181\) then node 236 elseif \(x_6>=181\) then node 237

  221. 221.

    class = 0

  222. 222.

    if \(x_{34}<0.985\) then node 238 elseif \(x_{34}>=0.985\) then node 239

  223. 223.

    if \(x_{24}<3.5\) then node 240 elseif \(x_{24}>=3.5\) then node 241

  224. 224.

    if \(x_6<216.5\) then node 242 elseif \(x_6>=216.5\) then node 243

  225. 225.

    class = 0

  226. 226.

    class = 1

  227. 227.

    class = 0

  228. 228.

    class = 1

  229. 229.

    if \(x_5<8254.5\) then node 244 elseif \(x_5>=8254.5\) then node 245

  230. 230.

    class = 0

  231. 231.

    class = 1

  232. 232.

    class = 0

  233. 233.

    class = 1

  234. 234.

    if \(x_6<14.5\) then node 246 elseif \(x_6>=14.5\) then node 247

  235. 235.

    if \(x_{34}<0.6\) then node 248 elseif \(x_{34}>=0.6\) then node 249

  236. 236.

    if \(x_2<2.5\) then node 250 elseif \(x_2>=2.5\) then node 251

  237. 237.

    if \(x_5<58\) then node 252 elseif \(x_5>=58\) then node 253

  238. 238.

    if \(x_6<125.5\) then node 254 elseif \(x_6>=125.5\) then node 255

  239. 239.

    if \(x_6<146.5\) then node 256 elseif \(x_6>=146.5\) then node 257

  240. 240.

    if \(x_{34}<0.985\) then node 258 elseif \(x_{34}>=0.985\) then node 259

  241. 241.

    class = 1

  242. 242.

    class = 0

  243. 243.

    class = 1

  244. 244.

    if \(x_5<7804\) then node 260 elseif \(x_5>=7804\) then node 261

  245. 245.

    class = 1

  246. 246.

    class = 1

  247. 247.

    class = 0

  248. 248.

    if \(x_{34}<0.515\) then node 262 elseif \(x_{34}>=0.515\) then node 263

  249. 249.

    class = 0

  250. 250.

    class = 1

  251. 251.

    if \(x_{34}<0.825\) then node 264 elseif \(x_{34}>=0.825\) then node 265

  252. 252.

    class = 0

  253. 253.

    class = 1

  254. 254.

    class = 1

  255. 255.

    class = 0

  256. 256.

    if \(x_{24}<1.5\) then node 266 elseif \(x_{24}>=1.5\) then node 267

  257. 257.

    if \(x_{24}<1.5\) then node 268 elseif \(x_{24}>=1.5\) then node 269

  258. 258.

    class = 0

  259. 259.

    class = 1

  260. 260.

    if \(x_5<1495\) then node 270 elseif \(x_5>=1495\) then node 271

  261. 261.

    class = 0

  262. 262.

    class = 0

  263. 263.

    class = 1

  264. 264.

    class = 1

  265. 265.

    class = 0

  266. 266.

    if \(x_{34}<0.995\) then node 272 elseif \(x_{34}>=0.995\) then node 273

  267. 267.

    if \(x_{29}<0.835\) then node 274 elseif \(x_{29}>=0.835\) then node 275

  268. 268.

    if \(x_{24}<0.5\) then node 276 elseif \(x_{24}>=0.5\) then node 277

  269. 269.

    if \(x_{29}<0.835\) then node 278 elseif \(x_{29}>=0.835\) then node 279

  270. 270.

    class = 1

  271. 271.

    if \(x_5<1612.5\) then node 280 elseif \(x_5>=1612.5\) then node 281

  272. 272.

    if \(x_6<145.5\) then node 282 elseif \(x_6>=145.5\) then node 283

  273. 273.

    if \(x_6<145.5\) then node 284 elseif \(x_6>=145.5\) then node 285

  274. 274.

    class = 0

  275. 275.

    if \(x_6<125\) then node 286 elseif \(x_6>=125\) then node 287

  276. 276.

    class = 1

  277. 277.

    class = 0

  278. 278.

    class = 0

  279. 279.

    class = 1

  280. 280.

    class = 0

  281. 281.

    class = 1

  282. 282.

    class = 0

  283. 283.

    if \(x_{29}<0.75\) then node 288 elseif \(x_{29}>=0.75\) then node 289

  284. 284.

    class = 1

  285. 285.

    class = 0

  286. 286.

    class = 0

  287. 287.

    class = 1

  288. 288.

    class = 0

  289. 289.

    class = 1

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wong, W.K., Juwono, F.H., Eswaran, S. et al. Intrusion detection system model: a white-box decision tree with feature selection optimization. Neural Comput & Applic 37, 5655–5670 (2025). https://doi.org/10.1007/s00521-024-10942-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-024-10942-4

Keywords