Securing a computer network has become a need in this digital era. One way to ensure the security is by de- ploying an intrusion detection system (IDS), which some of them employs machine learning methods, such as k-nearest neighbor. Despite its strength for detecting intrusion, there are some factors, which should be improved. In IDS, some re- search has been done in terms of feature generation or feature selection. However, its performance may not be good enough. In this paper, a method to increase the quality of the generated features while maintaining its high accuracy and low compu-Tational time is proposed. This is done by reducing the search space in training data. In this case, the authors use distance between the evaluated point and the centroid of the other clus-Ters, as well as the logarithmic distance between the evaluated point and the subcentroid of the respective cluster. Besides the performance, the effect of homogeneity in extracting cen-Troid and subcentroid on the accuracy of the detection model is also evaluated. Based on conducted experiment, authors find that the proposed method is able to decrease processing time and increase the performance. In more details, by us- ing NSL-KDD 20% dataset, there is an increase of 4%, 2%, and 6% from those of TANN in terms of accuracy, sensitivity and specificity, respectively. Similarly, by using Kyoto 2006 dataset, proposed method rises 1%, 3%, and 2% than those of TANN.

Original languageEnglish
Pages (from-to)71-80
Number of pages10
JournalJournal of Telecommunications and Information Technology
Issue number4
Publication statusPublished - 2016


  • Clustering
  • Feature transformation
  • Information security
  • Network security


Dive into the research topics of 'L-SCANN: Logarithmic subcentroid and nearest neighbor'. Together they form a unique fingerprint.

Cite this