Improving traffic transformation function to detect novel attacks - HAL open archive
Conference paper, Year: 2007

Improving traffic transformation function to detect novel attacks

Abstract

Most current intrusion detection systems are signature based. The major limitation of this technique is its inability to detect new attacks, which by definition cannot be in the database of signatures. It is important to be able to detect this type of attack, because it means that the attacker has new means to bypass information system protections. Only the implementation of several anomaly detection methods makes the detection of these new attacks possible, in theory. Numerous studies have worked on the transformation of the DARPA 98 traffic into the KDD 99 intrusion detection data set. These studies revealed many limitations of this transformation. We extend recent work that proposed the most efficient machine-learning algorithm based on decision trees and suggest an improvement of the transformation to discover known and unknown attacks. Experimental results prove that the suggested method succeeded in the detection of new attacks and exceeded previous work.
File not deposited

Dates and versions

hal-01923680, version 1 (15-11-2018)

Identifiers

  • HAL Id: hal-01923680, version 1

Cite

Amine Bsila, Sylvain Gombault, Abdelfateh Belghith. Improving traffic transformation function to detect novel attacks. SETIT'07 : 4th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications, Hammamet, Tunisia, Mar 2007, Hammamet, Tunisia. ⟨hal-01923680⟩