Journal article, Journal of science and technology, Year: 2010

Enhancing network intrusion classification through the Kolmogorov-Smirnov splitting criterion

Abstract

Our investigation aims at detecting network intrusions using decision tree algorithms. Large differences in prior class probabilities of intrusion data have been reported to hinder the performance of decision trees. We propose to replace the Shannon entropy used in tree induction algorithms with a Kolmogorov-Smirnov splitting criterion which locates a Bayes optimal cutpoint of attributes. The Kolmogorov-Smirnov distance based on the cumulative distributions is not degraded by class imbalance. Numerical test results on the KDDCup99 dataset showed that our proposals are attractive for network intrusion detection tasks. The single decision tree gives the best results for minority classes, cost metric and global accuracy compared with the bagged boosting of trees of the KDDCup’99 winner and classical decision tree algorithms using the Shannon entropy. In contrast to the complex model of the KDDCup winner, our decision tree represents inductive rules (IF-THEN) that facilitate human interpretation.
No file deposited

Dates and versions

hal-00523096, version 1 (04-10-2010)

Identifiers

  • HAL Id: hal-00523096, version 1

Cite

Thanh Nghi Do, Philippe Lenca, Stéphane Lallich. Enhancing network intrusion classification through the Kolmogorov-Smirnov splitting criterion. Journal of science and technology, 2010, 48 (4), pp.50 - 61. ⟨hal-00523096⟩