Intrusion Detection with Low False Alarms using Decision Tree-based SVM Classifier

Document Type : Original Article

Author

Department of Computer Sciences, Faculty of Sciences, Golestan University, Gorgan, Iran

Abstract

Today, Intrusion Detection Systems (IDS) are considered key components of security networks. However, high false positive and false negative rates are important problems of these systems. Moreover, many of the existing solutions in the literature are restricted to class datasets because they rely on a specific technique, whereas real applications may involve multi-variant datasets. Motivated by these facts, this paper presents a new anomaly-based intrusion detection system that uses the J48 decision tree, a Support Vector Classifier (SVC) and the k-means clustering algorithm to reduce false alarm rates and enhance system performance. The J48 decision tree algorithm is used to select the best features and optimize the dataset. An SVM classifier and a modified k-means clustering algorithm are then used to build a profile of the normal and anomalous behaviors in the dataset. Simulation results on the benchmark NSL-KDD and CICIDS2017 datasets and on synthetic datasets confirm that the proposed method achieves significant performance in comparison with previous approaches.

Aliakbar Tajari Siahmarzkooh received the B.Sc. degree in Computer Engineering from Ferdowsi University of Iran in 2009, and the M.Sc. and Ph.D. degrees in Computer Science from the University of Tabriz, Iran, in 2012 and 2017, respectively. He has been working with the Department of Computer Sciences, Golestan University, since 2017, where he is now an assistant professor. His current research interests include network security, data mining and artificial intelligence.