AnalyzingNB, DT and NBTree Intrusion Detection Algorithms

Deeman Yousif Mahmood1, Dr. Mohammed Abdullah Hussein2

College of Science, University of Sulaimani, 2 College of Engineering, University of Sulaimani

This work implements data mining techniques for analysing the performance of Naive Bayes,
C4.5 Decision Tree, and the hybrid of these two algorithms the Naive Bayes Tree (NBTree). The
goal is to select the most efficient algorithm to build a network intrusion detection system (NIDS).
For our experimental analysis we used the new NSL-KDD dataset, which is a modified dataset of
the KDDCup 1999 intrusion detection benchmark dataset, with a split of 66.0% for the training set
and the remainder for the testing set. In the testing process Weka has been used, which is a Java
based open source framework consisting of a collection of machine learning algorithms for data
mining applications. In terms of accuracy the experimental results show that the hybrid NBTree is
more precise than the other two approaches and the decision tree is better than the Naive Bayes
algorithm. Otherwise, in terms of speed of response the Naive Bayes outperform the other two
algorithms followed by Decision Tree and NBTree, respectively.

Keywords: Decision Tree (C4.5); Intrusion detection System (IDS); Naïve Bayes (NB); NBTree; NSL-
KDD; Weka


[1] Deeman Y. Mahmood, Mohammed A. Hussein, "Intrusion Detection System Based on K-
Star Classifier and Feature Set Reduction", International Organization of Scientific
Research Journal of Computer Engineering (IOSR-JCE) Vol.15, Issue 5, PP. 107-112,
Dec. 2013.
[2] D. A. Frincke, D. Tobin, J. C. McConnell, J. Marconi, and D.Polla, "A framework for
cooperative intrusion detection", In Proc. 21st NIST-NCSC National Information Systems
Security Conference, pages 361-373, 1998.
[3] Denning D, "An Intrusion-Detection Model", IEEE Transactions on Software
Engineering, Vol. SE-13, No 2, Feb 1987.
[4] Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, and Ali A. Ghorbani "A Detailed Analysis
of the KDD CUP 99 Data Set", proceeding of the 2009 IEEE symposium on
computational Intelligence in security and defense application.
[5] R. Shanmugavadiva, Dr. N. Nagarajan "Network Intrusion Detection System Using Fuzzy
Logic", Indian journal of Computer Science and Engineering(IJCSE) Janeuary 2011.
[6] Gary Stein, Bing Chen, "Decision Tree Classifier for network intrusion detection with GA
based feature selection", University of Central Florida. ACM-SE 43, proceedings of 43rd
annual Southeast regional Conference. Volume 2, 2005, ACM, New York, USA.
[7] Rupali S. Shishupal , T.J.Parvat, " Layered Framework for Building Intrusion Detection
Systems", International Journal of Advances in Computing and Information Researches
ISSN:2277-4068, Volume 1– No.2, April 2012.
[8] Dewan Md. Farid, Nouria Harbi, and Mohammad Zahidur Rahman, "COMBINING
DETECTION",International Journal of Network Security & Its Applications (IJNSA),
Volume 2, Number 2, April 2010.
[10] Manasi Gyanchandani, R. N. Yadav, J. L. Rana, "Intrusion Detection using C4.5:
Performance Enhancement by Classifier Combination", ACEEE Int. J. on Signal &
Image Processing, Vol. 01, No. 03, Dec 2010.
[11] S. B. Kotsiantis "Supervised Machine Learning: A Review of Classification
Techniques", Informatica 31:249–268 (2007).
[12] Ian H. Witten, Eibe Frank, Mark A. Hall "Data Mining Practical Machine Learning
Tools and Techniques", Copyright © 2011 Elsevier Inc.
[13] Gaffney John E., Ulvila, J.W., "Evaluation of intrusion detectors: a decision theory
approach", Security and Privacy, 2001. S&P 2001. Proceedings. 2001 IEEE Symposium
[14] Yogendra Kumar Jain, Upendra,"An Efficient Intrusion Detection BasedonDecision.
Tree Classifier Using Feature Reduction",IJSRP, Volume 2, Issue 1, January 2012
Edition [ISSN 2250-3153].
[15] Pumpuang P., Srivihok A. , Praneetpolgrang P. , "Comparisons of Classifier
Algorithms: Bayesian Network, C4.5, Decision Forest and NBTree for Course
Registration Planning Model of Undergraduate Students", SMC 2008. IEEE International
[16] The Knowledge Discovery in Databases, NSL-KDD dataset,
[17] University of Waikato, WEKA: Waikato environment for knowledge analysis. Data
Mining Software in Java.
Yogendra Kumar Jain, Upendra, “Intrusion Detection using Supervised Learning with Feature
Set Reduction”, International Journal of Computer Applications (0975 – 8887), Volume 33–
No.6, November 2011.