DECISION TREE APPLICATION TO INTRUSION DETECTION SYSTEMS

Author(s): Veselina Jecheva, Evgeniya Nikolova
Subject(s): Information Architecture, Electronic information storage and retrieval, Education and training
Published by: Бургаски свободен университет
Keywords: Intrusion detection systems (IDS); anomaly-based IDS; C4.5 algorithm; decision tree; cluster analysis
Summary/Abstract: The purpose of intrusion detection systems (IDS) is to reveal any violation of an organization's security policy: unauthorized access by outsiders, escalation of privileges by authorized users, and violation of the confidentiality and/or integrity of system resources. This paper examines current anomaly-based (behavioral analysis) IDS, applying the C4.5 algorithm in a host-based scenario to describe normal user activity with a decision tree. As a second step, cluster analysis is applied to classify current user activity as normal or malicious. To validate the proposed methodology, a number of simulation experiments were carried out and the results obtained were analyzed.