TY - GEN
T1 - Centroid-based nearest neighbor feature representation for e-government intrusion detection
AU - Tsai, Chih Fong
AU - Tsai, Jung Hsiang
AU - Chou, Jui Sheng
PY - 2012
Y1 - 2012
N2 - Accompanied by the invention of information and communication of technologies, e-government has become a prominent feature of modern governance in every country. The aims of e-government are to promote executive efficiencies, to reduce transaction costs of citizen, and to increase the responsiveness of the public sector. However, the requirement of pursuing these goals is based on the security measures of intrusion detection systems (IDS). If technologies are not advanced enough to distinguish between normal connections and illegal attacks, citizens would be doubtful in using the access of e-government to interact with the public sector and will eventually lose the trust of government. Technically, feature representation is an important key to successful pattern classification. However, very few studies focus on extracting better representative features of normal connections and attacks for better detection. Therefore, this paper proposes a novel feature representation approach by cluster centers and nearest neighbors, namely CANN. In this approach, two distances are measured and summed. The first one is based on the distance between each data sample and its cluster center, and the second distance is between the data and its nearest neighbor in the same cluster. Then, this new and one-dimensional distance based feature is used to represent each data sample for intrusion detection The experimental results based on the KDD-Cup 99 dataset show that CANN not only can make the k-nearest neighbor classifier perform reasonably well, but also provides high computational efficiency for the time of training and testing a classifier.
AB - Accompanied by the invention of information and communication of technologies, e-government has become a prominent feature of modern governance in every country. The aims of e-government are to promote executive efficiencies, to reduce transaction costs of citizen, and to increase the responsiveness of the public sector. However, the requirement of pursuing these goals is based on the security measures of intrusion detection systems (IDS). If technologies are not advanced enough to distinguish between normal connections and illegal attacks, citizens would be doubtful in using the access of e-government to interact with the public sector and will eventually lose the trust of government. Technically, feature representation is an important key to successful pattern classification. However, very few studies focus on extracting better representative features of normal connections and attacks for better detection. Therefore, this paper proposes a novel feature representation approach by cluster centers and nearest neighbors, namely CANN. In this approach, two distances are measured and summed. The first one is based on the distance between each data sample and its cluster center, and the second distance is between the data and its nearest neighbor in the same cluster. Then, this new and one-dimensional distance based feature is used to represent each data sample for intrusion detection The experimental results based on the KDD-Cup 99 dataset show that CANN not only can make the k-nearest neighbor classifier perform reasonably well, but also provides high computational efficiency for the time of training and testing a classifier.
UR - http://www.scopus.com/inward/record.url?scp=84860366275&partnerID=8YFLogxK
M3 - 會議論文篇章
AN - SCOPUS:84860366275
SN - 9784885522574
T3 - 2012 World Telecommunications Congress, WTC 2012
BT - 2012 World Telecommunications Congress, WTC 2012
T2 - 2012 World Telecommunications Congress, WTC 2012
Y2 - 5 March 2012 through 6 March 2012
ER -