
Research Article
A Partial Approach to Intrusion Detection
@INPROCEEDINGS{10.1007/978-3-030-68734-2_5,
  author={John Sheppard},
  title={A Partial Approach to Intrusion Detection},
  proceedings={Digital Forensics and Cyber Crime. 11th EAI International Conference, ICDF2C 2020, Boston, MA, USA, October 15-16, 2020, Proceedings},
  proceedings_a={ICDF2C},
  year={2021},
  month={2},
  keywords={IDS, Data mining, Partial decision trees, CICIDS, PCA},
  doi={10.1007/978-3-030-68734-2_5}
}
- John Sheppard
Year: 2021
ICDF2C
Springer
DOI: 10.1007/978-3-030-68734-2_5
Abstract
The need for intrusion detection continues to grow with the advancement of new and emerging devices, the increase in the vectors of attack these bring, and their computational limitations. This work examines the suitability of a traditional data mining approach often overlooked in intrusion detection, partial decision trees, on the recent CICIDS 2017 dataset. The approach was evaluated against recent deep learning results and shows that the partial decision tree outperformed these deep learning techniques for the detection of DDoS and Portscan attacks. Further analysis of the complete dataset has been performed using this partial technique. The creation of a reduced feature version of the dataset is proposed using PCA and is evaluated using a partial decision tree. It shows that a ten feature version of the dataset can produce a detection rate of 99.4% across the twelve classes, with a 77% reduction in training time.