Denial of Service (DoS) attacks constitutes one of the major threats and among the hardest security problems currently facing computer networks and particularly the Internet. A DoS attack can easily exhausts the computing and communication resources of its victim within a short period of time. Because of the seriousness of the problem many defense mechanisms have been proposed to fight these attacks. In this paper, we propose an approach that detects DoS attacks using data mining classification techniques. The approach is based on classifying “normal” traffic against “abnormal” traffic in the sense of DoS attacks. The paper investigates and evaluates the performance of J48 decision tree algorithm for the detection of DoS attacks and compares it with two rule based algorithms, namely OneR and Decision table. The selected algorithms were tested with benchmark 1998 DARPA Intrusion Detection data. Our research results show that both Decision tree and rule based classifiers deliver highly accurate results – greater than 99% accuracy – and exhibit high level of overall performance.

DOI: http://dx.doi.org/10.11591/ij-ai.v2i2.1937