Rule-Based Decision Tree to Identify Malicious Traffic

Intrusion Detection Systems (IDSs) provide an important layer of security for computer systems and networks. An IDS’s task is to detect suspicious or unacceptable system and network activity and to alert a systems administrator to this activity. Since data mining is one of the most emerging fields, when we talk about intrusion detection systems. In this paper, decision tree technique is applied on a small set of network data to find out normal and abnormal behavior. The algorithm generates a decision tree model which differentiates the malicious traffic from normal traffic and then generates rules according to that tree, and incorporates the model’s logic into snort signatures or firewall rules.