Decision Trees and Machine Learning for Cybersecurity: How Model Settings Affect Attack Detection

Konrad Lukiewicz, Michal Podpora, Grzegorz Dralus, Damian Mazur, Jakub Dralus, Tomasz Kajdanowicz, Aleksandra Kawala-Sterniuk

Published: 2025, Last Modified: 26 May 2026, ICCS (Workshops 1) 2025, CC BY-SA 4.0
Abstract: The aim of this research is to evaluate the effectiveness of decision trees in detecting cyberattacks and to compare the impact of different learning conditions on classification performance. The paper presents an analysis of the impact of various hyperparameters, including splitting criteria (Gini vs. Entropy), feature selection, and tree depth, on the accuracy, precision, recall, and F-measure of models. A comparative analysis is performed using machine learning classifiers, such as Gradient Boosting, AdaBoost, Support Vector Machines (SVM), Lasso, and Random Forest, to assess their relative performance in cyber-attack classification. The findings demonstrate that decision trees are able to achieve high effectiveness in detecting network intrusions, and that feature selection can enhance classification performance. Some of the evaluated classifiers, including Random Forest and Gradient Boosting, offer better performance, showcasing their potential as alternatives to decision trees in cybersecurity applications. The results show the importance of hyperparameter optimization and feature engineering, particularly in improving threat detection model performance and/or accuracy.