Decision tree learning algorithms have been successfully used in knowledge discovery. They use induction to provide an appropriate classification of objects in terms of their attributes, inferring decision tree rules. This paper reports on the use of ID3 for Web attack detection. Although simple, ID3 is sufficient to tell apart a number of Web attacks, including a large proportion of their variants.
It also surpasses existing methods: it shows a higher true-positive detection rate and a lower false-positive rate. ID3 outputs classification rules that are easy to read, so computer officers are more likely to grasp the root of an attack and to extend the capabilities of the classifier.
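As an added illustration (not code from the paper), the following compact ID3 learns readable IF/THEN rules from a small constructed set of HTTP request attributes. The attribute names, class labels and sample rows are assumptions made for this example.

```python
import math
from collections import Counter
# Constructed training set: yes/no attributes of HTTP requests (hypothetical, not the paper's).
ATTRS = ["has_quote", "has_angle", "has_dotdot", "long_query"]
RAW = [
    ("no", "no", "no", "no", "normal"), ("no", "no", "no", "yes", "normal"),
    ("yes", "no", "no", "no", "sqli"), ("yes", "no", "no", "yes", "sqli"),
    ("no", "yes", "no", "yes", "xss"), ("yes", "yes", "no", "yes", "xss"),
    ("no", "yes", "no", "no", "xss"), ("no", "no", "yes", "no", "traversal"),
    ("no", "no", "yes", "yes", "traversal"),
]
ROWS = [(dict(zip(ATTRS, r[:4])), r[4]) for r in RAW]

def entropy(rows):
    counts = Counter(label for _, label in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def split(rows, attr):
    parts = {}  # attribute value -> rows carrying that value
    for feats, label in rows:
        parts.setdefault(feats[attr], []).append((feats, label))
    return parts

def gain(rows, attr):  # information gain of splitting rows on attr
    rest = sum(len(p) / len(rows) * entropy(p) for p in split(rows, attr).values())
    return entropy(rows) - rest

def id3(rows, attrs):
    labels = Counter(label for _, label in rows)
    majority = labels.most_common(1)[0][0]
    if len(labels) == 1 or not attrs:
        return majority  # leaf: a class label
    best = max(attrs, key=lambda a: gain(rows, a))  # ties go to the earlier attribute
    rest = [a for a in attrs if a != best]
    return (best, {v: id3(p, rest) for v, p in split(rows, best).items()}, majority)

def classify(tree, feats):
    while isinstance(tree, tuple):
        attr, kids, majority = tree
        tree = kids.get(feats[attr], majority)  # unseen value: fall back to majority class
    return tree

def rules(tree, path=()):  # flatten the tree into (condition, label) pairs
    if not isinstance(tree, tuple):
        return [(" AND ".join(path) or "TRUE", tree)]
    return [r for v, k in tree[1].items() for r in rules(k, path + (f"{tree[0]}={v}",))]

TREE = id3(ROWS, ATTRS)
if __name__ == "__main__":
    print("\n".join(f"IF {cond} THEN {label}" for cond, label in rules(TREE)))
```

The learned tree never tests `long_query`, which carries no information about the class in this sample, and a request combining a quote with an angle bracket is still labelled `xss` even though that exact row is absent from the training data.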