Abstract
The Internet of Things and cyber-physical systems are emerging networks that enable several additional layers of services to improve various facets of human life. The risk of network intrusions also rises as a result of these additional connected vulnerabilities. One method for detecting attacks and anomalies in the network is the intrusion detection system (IDS). An efficient IDS is defined by two characteristics, computational efficiency and classification efficiency with low false alarm rates, which can be achieved by preprocessing network traffic and identifying essential features. The k-nearest neighbor (KNN) algorithm has been used prominently in the development of network IDS due to its better detection rates. However, it is very challenging to pick an appropriate K-value for KNN, especially when the data classes are imbalanced. Additionally, KNN is a lazy classifier: it does not learn a discriminative function from the training samples but instead memorizes them. This paper focuses on improving the existing KNN classifier to achieve classification efficiency and speed in the execution of the intrusion detection process. An improvement to shallow KNN is proposed by arranging the attributes of the data around the sample data that is pertinent to distance computation, followed by quantification and indexing of the nearest neighbors of the data block. The proposed modified KNN-driven IDS is designed and developed in the Python programming language, executed on the Anaconda distribution. The proposed work is validated against the benchmark NSL-KDD dataset. The results show that the proposed KNN++ scores higher than classical KNN by 5.33%, LR by 28.17%, GNB by 72.67%, and SVM by 20.21%, in terms of F1 score.
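The K-value problem under class imbalance that the abstract describes, as an added example (not the paper's KNN++ and not the authors' code): a plain KNN over constructed 2-D samples, where the three-sample attack class can never win a majority vote once K reaches 7. Distance-weighted voting is included as a common generic mitigation; all names and data here are assumptions.

```python
import math
from collections import defaultdict

# Constructed 2-D samples (not NSL-KDD): 8 "normal" flows, 3 "attack" flows.
TRAIN = [((x, y), "normal") for x, y in
         [(0, 0), (0, 1), (1, 0), (1, 1), (2, 0), (2, 1), (0, 2), (1, 2)]]
TRAIN += [((5, 5), "attack"), ((5, 6), "attack"), ((6, 5), "attack")]
TEST = [((5.5, 5.5), "attack"), ((6, 6), "attack"), ((5, 5.5), "attack"),
        ((0.5, 0.5), "normal"), ((1.5, 1.5), "normal"), ((2, 2), "normal")]


def knn_predict(point, k, weighted=False):
    """Classify one point from its k nearest training samples (Euclidean)."""
    nearest = sorted((math.dist(point, p), label) for p, label in TRAIN)[:k]
    votes = defaultdict(float)
    for dist, label in nearest:
        # Plain KNN: one vote each. Weighted: closer neighbours count more
        # (the small constant avoids division by zero on exact matches).
        votes[label] += 1.0 / (dist + 1e-9) if weighted else 1.0
    return max(votes, key=votes.get)


def attack_f1(k, weighted=False):
    """F1 score for the minority 'attack' class on TEST."""
    tp = fp = fn = 0
    for point, truth in TEST:
        pred = knn_predict(point, k, weighted)
        if pred == "attack" and truth == "attack":
            tp += 1
        elif pred == "attack":
            fp += 1
        elif truth == "attack":
            fn += 1
    return 0.0 if tp == 0 else 2 * tp / (2 * tp + fp + fn)


if __name__ == "__main__":
    # With 3 attack samples, any k >= 7 gives "normal" at least 4 votes.
    for k in (1, 3, 5, 7):
        print(f"k={k}: majority F1={attack_f1(k):.2f}, "
              f"distance-weighted F1={attack_f1(k, weighted=True):.2f}")
```

On this toy set, majority voting at K=7 still labels every normal sample correctly, so accuracy alone would hide the fact that every attack is missed; the attack-class F1 exposes it.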
Data availability
The dataset adopted in the proposed study is publicly accessible and can be downloaded from https://www.unb.ca/cic/datasets/nsl.html.
Acknowledgements
The authors of this manuscript would like to express their gratitude to the School of Electronics and Communication Engineering, REVA University, for its guidance in the context of the current research work and for the constructive feedback which improved the submission.
Funding
The authors have not received any financial support or funding to report.
Author information
Contributions
SKL: carried out and completed the experiment; revised and proofread the manuscript. PIB: guided the design route and provided experimental guidance for this manuscript.
Ethics declarations
Conflict of interest
On behalf of all the authors, the corresponding author declares that there is no conflict of interest involved in conducting the study.
Ethics approval and consent to participate
All authors contributed to the current work and agree to its submission.
Consent for publication
All authors agree to submit and publish the submitted work.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Lakshminarayana, S.K., Basarkod, P.I. Unification of K-Nearest Neighbor (KNN) with Distance Aware Algorithm for Intrusion Detection in Evolving Networks Like IoT. Wireless Pers Commun 132, 2255–2281 (2023). https://doi.org/10.1007/s11277-023-10722-8
DOI: https://doi.org/10.1007/s11277-023-10722-8