ABSTRACT
An Intrusion Detection System (IDS) is a defense measure that supervises activities of the computer network and
reports the malicious activities to the network administrator. Intruders do many attempts to gain access to the
network and try to harm the organization’s data. Thus the security is the most important aspect for any type of
organization. Due to these reasons, intrusion detection has been an important research issue. An IDS can be
broadly classified as Signature based IDS and Anomaly based IDS. In our proposed work, the decision tree
algorithm is developed based on C4.5 decision tree approach. Feature selection and split value are important
issues for constructing a decision tree. In this paper, the algorithm is designed to address these two issues. The
most relevant features are selected using information gain and the split value is selected in such a way that makes
the classifier unbiased towards most frequent values. Experimentation is performed on NSL-KDD (Network
Security Laboratory Knowledge Discovery and Data Mining) dataset based on number of features. The time
taken by the classifier to construct the model and the accuracy achieved is analyzed. It is concluded that the
proposed Decision Tree Split (DTS) algorithm can be used for signature based intrusion detection.
Keywords: - Decision Tree, Information Gain, Gain Ratio, NSL-KDD, Signature-based IDS