Identification of Network Traffic Intrusion Using Decision Tree

Abstract

Network technology plays an increasingly important role in all aspects of social life. The Internet has brought a new round of industrial revolution and industrial upgrading. The arrival of the “Internet” era is accompanied by a large‐scale increase in network applications and the number of netizens. At the same time, the number and severity of cyberattacks continue to increase. Therefore, intrusion detection systems (IDSs) have become an important part of the current network security infrastructure in various industries. Anomaly detection of network traffic data is an effective method for network protection. In order to better realize the detection of network traffic anomalies, several algorithms have been successfully applied. Most of them come from artificial intelligence (AI), but there is a general problem of excessive model execution processing time and low detection rates. And through a lot of research, it is found that most models do not pay enough attention to the data processing in the early stage. Therefore, in this paper, we optimize the data normalization process through a series of experiments and combine the PCA feature selection method to propose an optimized MaxAbs‐DT classifier model. To train and measure the performance of the model, we used the NSL‐KDD dataset, which is the benchmark dataset for most network anomaly detection models. The experimental results show that MaxAbs‐DT outperforms other existing models and validates the effectiveness of the method. In addition, its execution time is greatly reduced compared to many models.