Neural networks vs. decision trees for intrusion detection

Signature based intrusion detection systems cannot detect new attacks. These systems are the most used and developed ones. Current anomaly based intrusion detection systems are also unable to detect all kinds of new attacks because they are designed to restricted applications on limited environment. Current hackers are using new attacks where neither preventive techniques mainly based on access control nor current intrusion detection systems can prevent the devastating results of these attacks against information systems. We enhance the notion of anomaly detection and we use both neural networks and decision trees for intrusion detection. Since these techniques are mainly applicable to misuse detection, we use our anomaly detection enhancement and improve these techniques for anomaly detection. Experimental results demonstrate that while neural networks are highly successful in detecting known attacks, decision trees are more interesting to detect new attacks. The proposed methods outperform previous work in detecting both known and new attacks.