Network intrusion detection system using J48 Decision Tree

As the number of cyber attacks have increased, detecting the intrusion in networks become a very tough job. For network intrusion detection system (NIDS), many data mining and machine learning techniques are used. However, for evaluation, most of the researchers used KDD Cup 99 data set, which has widely criticized for not showing current network situation. In this paper we used a new labelled network dataset, called Kyoto 2006+ dataset. In Kyoto 2006+ data set, every instant is labelled as normal (no attack), attack (known attack) and unknown attack. We use Decision Tree (J48) algorithm to classify the network packet that can be used for NIDS. For training and testing we used 134665 network instances. The generated rules works with 97.2% correctness for detecting the connection i.e., no attack, known attack or unknown attack.