L-SCANN: Logarithmic Subcentroid and Nearest Neighbor

Securing a computer network has become a need in this digital era. One way to ensure the security is by deploying an intrusion detection system (IDS), which some of them employs machine learning methods, such as k-nearest neighbor. Despite its strength for detecting intrusion, there are some factors, which should be improved. In IDS, some research has been done in terms of feature generation or feature selection. However, its performance may not be good enough. In this paper, a method to increase the quality of the generated features while maintaining its high accuracy and low computational time is proposed. This is done by reducing the search space in training data. In this case, the authors use distance between the evaluated point and the centroid of the other clusters, as well as the logarithmic distance between the evaluated point and the subcentroid of the respective cluster. Besides the performance, the effect of homogeneity in extracting centroid and subcentroid on the accuracy of the detection model is also evaluated. Based on conducted experiment, authors find that the proposed method is able to decrease processing time and increase the performance. In more details, by using NSL-KDD 20% dataset, there is an increase of 4%, 2%, and 6% from those of TANN in terms of accuracy, sensitivity and specificity, respectively. Similarly, by using Kyoto 2006 dataset, proposed method rises 1%, 3%, and 2% than those of TANN.