Unification of K-Nearest Neighbor (KNN) with Distance Aware Algorithm for Intrusion Detection in Evolving Networks Like IoT

The Internet of Things and cyber physical systems are emerging networks that enable several additional layers of services to improve various facets of human life. The risk of network intrusions also rises as a result of these additional connected vulnerabilities. One method for detecting attacks and anomalies in the network is the intrusion detection system (IDS). But an efficient IDS is defined by two characteristics i.e., computational efficiency and classification efficiency with less false alarm rates, which can be achieved by preprocessing network traffic and identification of essential features. A k-nearest neighbor-(KNN) algorithm was used prominently in the development of network IDS due to its better detection rates. But it is very challenging to pick up an appropriate K-value for KNN and especially, when the data classes are imbalanced. Additionally, KNN is a lazy classifier since it does not learn a discriminative function from the training samples instead it memorizes them. This paper focuses on improving existing KNN classifier to achieve classification efficiency and speed in the execution of intrusion detection process. An improvement in shallow KNN is proposed by arranging the attributes of the data in a way that the sample data that is pertinent to distance computation, followed by quantification, and indexing nearest neighbors of the data block. The design and development of the proposed modified KNN driven IDS is carried out using python programming language executed on Anaconda distribution. The validation and effectiveness of the proposed work is done against benchmarked NSL-KDD dataset. The results shows that the proposed KNN++ are higher than classical KNN by 5.33%, LR by 28.17%, GNB by 72.67%, and SVM by 20.21%, in terms of F1 score.