Skip to main content
Springer Nature Link
Log in

An Intelligent Tree-Based Intrusion Detection Model for Cyber Security

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

The widespread use of the Internet of Things and distributed heterogeneous devices has shed light on the implementation of efficient and reliable intrusion detection systems. These systems should be able to efficiently protect data and physical devices from cyber-attacks. However, the huge amount of data with different dimensions and security features can affect the detection accuracy and increase the computation complexity of these systems. Lately, Artificial Intelligence has received significant interest and is now being integrated into these systems to intelligently detect and protect against cyber-attacks. This paper aims to propose an intelligent intrusion detection model to predict and detect attacks in cyberspace. The model is designed based on the concept of Decision Trees, taking into consideration the ranking of the security features. The model is applied to a real dataset for network intrusion detection systems. Moreover, it is validated based on predefined performance evaluation metrics, namely accuracy, precision, recall and Fscore. Meanwhile, the experimental results reveal that our tree-based intrusion detection model can detect and predict cyber-attacks efficiently and reduce the complexity of computation process compared to other traditional machine learning techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Data Availability

The dataset used in this research is publicly available on the Kaggle website.

Code Availability

All experiments in this research were implemented in Jupyter Notebook, Python using predefined machine learning packages and libraries, namely sklearn and matplotlib.

References

  1. Otoum, S., Kantarci, B., Mouftah, H.: A Comparative Study of AI-based Intrusion Detection Techniques in Critical Infrastructures. arxiv.org. (2020)

  2. Hesselman, C., Grosso, P., Holz, R., Kuipers, F., Xue, J.H., Jonker, M., de Ruiter, J., Sperotto, A., van Rijswijk-Deij, R., Moura, G.C.M., Pras, A., de Laat, C.: A responsible internet to increase trust in the digital world. J. Netw. Syst. Manag. 28, 882–922 (2020). https://doi.org/10.1007/s10922-020-09564-7

    Article  Google Scholar 

  3. Tavallaee, M., Stakhanova, N., Ghorbani, A.A.: Toward credible evaluation of anomaly-based intrusion-detection methods. IEEE Trans. Syst. Man Cybern. Part C Appl. Rev. 40, 516–524 (2010). https://doi.org/10.1109/TSMCC.2010.2048428

    Article  Google Scholar 

  4. Tapiador, J.E., Orfila, A., Ribagorda, A., Ramos, B.: Key-recovery attacks on KIDS, a keyed anomaly detection system. IEEE Trans. Dependable Secur. Comput. 12, 312–325 (2015). https://doi.org/10.1109/TDSC.2013.39

    Article  Google Scholar 

  5. Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutorials 18, 1153–1176 (2016). https://doi.org/10.1109/COMST.2015.2494502

    Article  Google Scholar 

  6. Mishra, P., Varadharajan, V., Tupakula, U., Pilli, E.S.: A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun. Surv. Tutorials 21, 686–728 (2019). https://doi.org/10.1109/COMST.2018.2847722

    Article  Google Scholar 

  7. Nisioti, A., Mylonas, A., Yoo, P.D., Katos, V.: From intrusion detection to attacker attribution: a comprehensive survey of unsupervised methods. IEEE Commun. Surv. Tutorials 20, 3369–3388 (2018). https://doi.org/10.1109/COMST.2018.2854724

    Article  Google Scholar 

  8. Thomas, T., Vijayaraghavan, A.P., Emmanuel, S.: Machine Learning Approaches in Cyber Security Analytics. Springer, Singapore (2019)

    Google Scholar 

  9. Otoum, S., Kantarci, B., Mouftah, H.T.: A novel ensemble method for advanced intrusion detection in wireless sensor networks. In: IEEE International Conference on Communications. Institute of Electrical and Electronics Engineers Inc. (2020)

  10. Al Ridhawi, I., Otoum, S., Aloqaily, M., Boukerche, A.: Generalizing AI: challenges and opportunities for plug and play AI solutions. IEEE Netw. (2020). https://doi.org/10.1109/MNET.011.2000371

    Article  Google Scholar 

  11. Ferrag, M.A., Maglaras, L., Moschoyiannis, S., Janicke, H.: Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J. Inf. Secur. Appl. 50, 102419 (2020). https://doi.org/10.1016/j.jisa.2019.102419

    Article  Google Scholar 

  12. Gumusbas, D., Yldrm, T., Genovese, A., Scotti, F.: A comprehensive survey of databases and deep learning methods for cybersecurity and intrusion detection systems. IEEE Syst. J. (2020). https://doi.org/10.1109/jsyst.2020.2992966

    Article  Google Scholar 

  13. Shapoorifard, H., Shamsinejad, P.: Intrusion detection using a novel hybrid method incorporating an improved KNN. Int. J. Comput. Appl. 173, 5–9 (2017). https://doi.org/10.5120/ijca2017914340

    Article  Google Scholar 

  14. Ji, S.Y., Choi, S., Jeong, D.H.: Designing an internet traffic predictive model by applying a signal processing method. J. Netw. Syst. Manag. 23, 998–1015 (2015). https://doi.org/10.1007/s10922-014-9335-3

    Article  Google Scholar 

  15. Ambusaidi, M.A., He, X., Nanda, P., Tan, Z.: Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans. Comput. 65, 2986–2998 (2016). https://doi.org/10.1109/TC.2016.2519914

    Article  MathSciNet  MATH  Google Scholar 

  16. Amiri, F., Rezaei Yousefi, M., Lucas, C., Shakery, A., Yazdani, N.: Mutual information-based feature selection for intrusion detection systems. J. Netw. Comput. Appl. 34, 1184–1199 (2011). https://doi.org/10.1016/j.jnca.2011.01.002

    Article  Google Scholar 

  17. Xin, Y., Kong, L., Liu, Z., Chen, Y., Li, Y., Zhu, H., Gao, M., Hou, H., Wang, C.: Machine learning and deep learning methods for cybersecurity. IEEE Access 6, 35365–35381 (2018). https://doi.org/10.1109/ACCESS.2018.2836950

    Article  Google Scholar 

  18. Mahdavifar, S., Ghorbani, A.A.: Application of deep learning to cybersecurity: a survey. Neurocomputing 347, 149–176 (2019). https://doi.org/10.1016/j.neucom.2019.02.056

    Article  Google Scholar 

  19. Sultana, N., Chilamkurti, N., Peng, W., Alhadad, R.: Survey on SDN based network intrusion detection system using machine learning approaches. Peer-to-Peer Netw. Appl. 12, 493–501 (2019). https://doi.org/10.1007/s12083-017-0630-0

    Article  Google Scholar 

  20. Kang, M.-J., Kang, J.-W.: Intrusion detection system using deep neural network for in-vehicle network security. PLoS One 11, e0155781 (2016). https://doi.org/10.1371/journal.pone.0155781

    Article  Google Scholar 

  21. Feng, F., Liu, X., Yong, B., Zhou, R., Zhou, Q.: Anomaly detection in ad-hoc networks based on deep learning model: a plug and play device. Ad Hoc Netw. 84, 82–89 (2019). https://doi.org/10.1016/j.adhoc.2018.09.014

    Article  Google Scholar 

  22. Zhao, G., Zhang, C., Zheng, L.: Intrusion detection using deep belief network and probabilistic neural network. In: Proceedings—2017 IEEE International Conference on Computational Science and Engineering and IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, CSE and EUC 2017, pp. 639–642. Institute of Electrical and Electronics Engineers Inc. (2017)

  23. Mohammadi, S., Mirvaziri, H., Ghazizadeh-Ahsaee, M., Karimipour, H.: Cyber intrusion detection by combined feature selection algorithm. J. Inf. Secur. Appl. 44, 80–88 (2019). https://doi.org/10.1016/j.jisa.2018.11.007

    Article  Google Scholar 

  24. Aloqaily, M., Otoum, S., Al Ridhawi, I., Jararweh, Y.: An intrusion detection system for connected vehicles in smart cities. Ad Hoc Netw. 90, 101842 (2019). https://doi.org/10.1016/j.adhoc.2019.02.001

    Article  Google Scholar 

  25. Peng, Y., Wu, Z., Jiang, J.: A novel feature selection approach for biomedical data classification. J. Biomed. Inform. 43, 15–23 (2010). https://doi.org/10.1016/j.jbi.2009.07.008

    Article  Google Scholar 

  26. Kang, S.H., Kim, K.J.: A feature selection approach to find optimal feature subsets for the network intrusion detection system. Clust. Comput. 19, 325–333 (2016). https://doi.org/10.1007/s10586-015-0527-8

    Article  Google Scholar 

  27. Eesa, A.S., Orman, Z., Brifcani, A.M.A.: A novel feature-selection approach based on the cuttlefish optimization algorithm for intrusion detection systems. Expert Syst. Appl. 42, 2670–2679 (2015). https://doi.org/10.1016/j.eswa.2014.11.009

    Article  Google Scholar 

  28. Ingre, B., Yadav, A., Soni, A.K.: Decision tree based intrusion detection system for NSL-KDD dataset. In: Satapathy S., Joshi A. (eds.) Information and Communication Technology for Intelligent Systems (ICTIS 2017) - Vol. 2, ICTIS 2017. Smart Innovation, Systems and Technologies, pp. 207–218. Springer Science and Business Media Deutschland GmbH (2018)

  29. Moon, D., Im, H., Kim, I., Park, J.H.: DTB-IDS: an intrusion detection system based on decision tree using behavior analysis for preventing APT attacks. J. Supercomput. 73, 2881–2895 (2017). https://doi.org/10.1007/s11227-015-1604-8

    Article  Google Scholar 

  30. Sarker, I.H., Colman, A., Han, J., Khan, A.I., Abushark, Y.B., Salah, K.: BehavDT: a behavioral decision tree learning to build user-centric context-aware predictive model. Mob. Netw. Appl. 25, 1151–1161 (2020). https://doi.org/10.1007/s11036-019-01443-z

    Article  Google Scholar 

  31. Puthran, S., Shah, K.: Intrusion detection using improved decision tree algorithm with binary and quad split. In: Mueller P., Thampi S., Alam Bhuiyan M., Ko R., Doss R., Alcaraz Calero J. (eds.) Security in Computing and Communications, pp. 427–438. Springer (2016)

  32. Rai, K., Syamala Devi, M., Guleria, A.: Decision tree based algorithm for intrusion detection. Int. J. Adv. Netw. Appl. 7, 2828–2834 (2016)

    Google Scholar 

  33. Sarker, I.H., Abushark, Y.B., Alsolami, F., Khan, A.I.: IntruDTree: a machine learning based cyber security intrusion detection model. Symmetry (Basel) 12, 754 (2020). https://doi.org/10.3390/SYM12050754

    Article  Google Scholar 

  34. Kaggle, https://www.kaggle.com (2020). Accessed 24 July 2020

  35. Zheng, A., Casari, A.: Feature Engineering for Machine Learning. O’Reilly Media, Sebastopol (2018)

    Google Scholar 

  36. Han, J., Kamber, M., Pei, J.: Data mining: Concepts and Techniques. Elsevier, Amsterdam (2012)

    MATH  Google Scholar 

Download references

Funding

Not applicable.

Author information

Authors and Affiliations

  1. Department of Business Information Technology, Princess Sumaya University for Technology, Amman, Jordan

    Mohammad Al-Omari, Majdi Rawashdeh & Fadi Qutaishat

  2. Department of Information Systems, Al al-Bayt University, Al-Mafraq, Jordan

    Mohammad Alshira’H

  3. Department of Information Security Engineering Technology (ISET), Abu Dhabi Polytechnic, Abu Dhabi, UAE

    Nedal Ababneh

Authors
  1. Mohammad Al-Omari
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Majdi Rawashdeh
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Fadi Qutaishat
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Mohammad Alshira’H
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Nedal Ababneh
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Mohammad Al-Omari.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Al-Omari, M., Rawashdeh, M., Qutaishat, F. et al. An Intelligent Tree-Based Intrusion Detection Model for Cyber Security. J Netw Syst Manage 29, 20 (2021). https://doi.org/10.1007/s10922-021-09591-y

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • DOI: https://doi.org/10.1007/s10922-021-09591-y

Keywords