Centroid-Based Nearest Neighbor Feature Representation for E-Government Intrusion Detection

Accompanied by the invention of information and communication of technologies, e-government has become a prominent feature of modern governance in every country. The aims of e-government are to promote executive efficiencies, to reduce transaction costs of citizen, and to increase the responsiveness of the public sector. However, the requirement of pursuing these goals is based on the security measures of intrusion detection systems (IDS). If technologies are not advanced enough to distinguish between normal connections and illegal attacks, citizens would be doubtful in using the access of e-government to interact with the public sector and will eventually lose the trust of government. Technically, feature representation is an important key to successful pattern classification. However, very few studies focus on extracting better representative features of normal connections and attacks for better detection. Therefore, this paper proposes a novel feature representation approach by cluster centers and nearest neighbors, namely CANN. In this approach, two distances are measured and summed. The first one is based on the distance between each data sample and its cluster center, and the second distance is between the data and its nearest neighbor in the same cluster. Then, this new and one-dimensional distance based feature is used to represent each data sample for intrusion detection The experimental results based on the KDD-Cup 99 dataset show that CANN not only can make the k-nearest neighbor classifier perform reasonably well, but also provides high computational efficiency for the time of training and testing a classifier.