Abstract
In this paper, we apply decision trees (DT) to intrusion detection problems. Experiments are conducted on the KDD'99 datasets, which offer the main features needed to evaluate intrusion detection systems. We consider three levels of attack granularity, depending on whether we deal with all attacks, group them into special categories, or focus only on normal and abnormal behaviours. We also extend the classification procedure to handle uncertain observations encountered in connection features. To this end, uncertainty is represented by possibility distributions, and inference in the DT is based on qualitative possibilistic logic.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Amor, N.B., Benferhat, S., Elouedi, Z., Mellouli, K. (2003). Decision Trees and Qualitative Possibilistic Inference: Application to the Intrusion Detection Problem. In: Nielsen, T.D., Zhang, N.L. (eds) Symbolic and Quantitative Approaches to Reasoning with Uncertainty. ECSQARU 2003. Lecture Notes in Computer Science, vol 2711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45062-7_34
DOI: https://doi.org/10.1007/978-3-540-45062-7_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40494-1
Online ISBN: 978-3-540-45062-7
eBook Packages: Springer Book Archive