A NETWORK INTRUSION DETECTION SYSTEM USING DECISION TREE MACHINE LEARNING ON AN ISTN ARCHITECTURE

Abstract

In recent years, the Navy has shown interest in an integrated satellite-terrestrial networking (ISTN) architecture for unmanned systems. With the development of satellite networks and growing numbers of unmanned system networks being connected, security and privacy are major concerns in an ISTN. In this thesis, we develop a network intrusion detection system (NIDS) specifically for an ISTN. We identify the critical location of the NIDS within the ISTN architecture and use the decision tree machine learning algorithm to perform cyber-attack detection against various threat vectors, including distributed denial of service. The decision tree algorithm is used to classify and segregate attack traffic from benign traffic. We use an open source ISTN data set available in the literature to train our algorithm. The decision tree is implemented using different split criteria, varying number of splits, and the use of principal component analysis (PCA). We manipulate the size of the training data and the number of data features to achieve reasonable false positive rates. We show that our NIDS framework based on decision tree learning can effectively detect and segregate different attack data classes.