Learning Vector Quantization (LVQ) and k-Nearest Neighbor for Intrusion Classification

Attacks on computer infrastructure are becoming an increasingly serious problem nowadays, and with the rapid expansion of computer networks during the past decade, computer security has become a crucial issue for protecting systems against threats, such as intrusions. Intrusion detection is an interesting approach that could be used to improve the security of network system. Different soft-computing based methods have been proposed in recent years for the development of intrusion detection systems. This paper presents a composition of Learning Vector Quantization artificial neural network and k-Nearest Neighbor approach to detect intrusion. A Supervised Learning Vector Quantization (LVQ) was trained for the intrusion detection system; it consists of two layers with two different transfer functions, competitive and linear. Competitive (hidden) and output layers contain a specific number of neurons which are the sub attack types and the main attack types respectively. k-Nearest Neighbor (kNN) as a machine learning algorithm was implemented using different distance measures and different k values, but the results demonstrates that using the first norm instead the second norm and using k=1 gave the best results among other possibilities. The experiments and evaluations of the proposed method have been performed using the NSL-KDD 99 intrusion detection dataset. Hybrid (LVQ_kNN) was able to classify the datasets into five classes at learning rate 0.09 using 23 hidden neurons with classification rate about 89%.