Intrusion detection is required to protect the security of computer network systems by detecting intrusive activities in those systems. In this paper, we present decision tree techniques that automatically learn intrusion signatures and classify activities in computer network systems as normal or intrusive for intrusion detection. We show the design of decision tree classifiers for intrusion detection, using different features of raw activity data in computer network systems and different sizes of observation windows. The performance of the decision tree classifiers is discussed. We also present the impact of noise in the data on the detection performance of the decision tree classifiers. Computer audit data from the Basic Security Module of the Solaris operating system are used to train and test the decision tree classifiers.
Special Issue Papers