With the increased use of Internet and Internet of Things (IoT), data is being shared/generated instantaneously between/by various devices that range from small sensors to various appliances. Though this offers lots of tangible benefits, there are certain concerns such as the requirement of faster networks, higher bandwidth and huge storage etc., are there and the major concern is security of the data. The rate of information generation/exchange has increased the significance secure networks. As the network speed and bandwidth are ever increasing, Anomaly detection has attracted the attention of researchers to overcome the difficulties faced in signature based intrusion detection where detecting new attacks are not possible and the other factors which affect intrusion detection such as detection rate and the time required to detect intrusions. In this study a novel algorithm for network anomaly detection based on distance and initial classification of data based on 'protocol type' is proposed. The algorithm is tested with Kyoto University's 2006+ Benchmark dataset (new version of data). The results of the proposed algorithm outperform all the known/commonly used classification algorithms with respect to Detection Rate, False Alarm Rate, Recall and F-score.

Anomaly Detection, KYOTO 2006+ Dataset, classification, norm, protocol type, network security

D. Ashok Kumar & S.R. Venugopalan, “Intrusion detection by initial classification-based on protocol type,” Int. J. Advanced Intelligence Paradigms, Vol. 9(2/3), pp. 122-138, 2017

D. Ashok Kumar & S.R. Venugopalan , “A Novel algorithm for Network Anomaly Detection using Adaptive Machine Learning,” In Advanced Computing and Intelligent Technologies (ICACIE 16), December 2016.

The UCI KDD Archive: KDD Cup 1999 Data, Information and Computer ScienceUniversity of California, Irvine, http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html (1999). Accessed 2 February 2014.

Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D. and Nakao, K., “Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation,” In Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 29-36, April 2011.

Ammar, A., “Comparison of Feature Reduction Techniques for the Binominal Classification of Network Traffic,” Journal of Data Analysis and Information Processing, Vol. 3(02),2005, pp.11.

Davidson, D., Smith, R., Doyle, N. and Jha, S., “September. Protocol normalization using attribute grammars,” In European Symposium on Research in Computer Security, Springer Berlin Heidelberg Sep 2009, pp. 216-231.

Ihsan, Z., Idris, M. Y., & Abdullah, A. H.. “Attribute Normalization Techniques and Performance of Intrusion Classifiers: A Comparative Analysis,” Life Science Journal, Vol. 10(4), 2013.

WEKA: Waikato Environment for Knowledge Analysis: Software for machine learning, The University of Waikato, Hamilton, New-Zealand

Kyoto 2006+ New version data (Unvailed on Apr. 2017) [with IP addresses (sanitized), with Bro 2.4], http://www.takakura.com/Kyoto_data/new_data201704/ accessed on 02/06/2017.

Chavez, A., Hamlet, J., Lee, E., Martin, M. and Stout, W.,.” Network randomization and dynamic defense for critical infrastructure systems,” Sandia National Laboratories Report—SAND2015-3324, 277 p.13 April 2015.

Wang, Yun, .Statistical Techniques for Network Security: Modern Statistically-Based Intrusion Detection and Protection: Modern Statistically-Based Intrusion Detection and Protection. IGI Global, 2008.

https://www.sans.org/reading-room/whitepapers/detection/intruion-detection-systemsdefinition-chaallenges-343. accessed on 06-01-2016

Panda, M. and Patra, M.R., “Network intrusion detection using naive bayes,” International journal of computer science and network security, Vol. 7(12), 2007, pp.258-263.

Hussein, S. M., Ali, F. H. M., & Kasiran, Z.. “Evaluation effectiveness of hybrid IDs using snort with naive Bayes to detect attacks,” In Digital Information and Communication Technology and it's Applications (DICTAP), Second International Conference, pp. 256-260. IEEE, May 2012.

Brar, R., & Sharma, N., “A Novel Density Based K-Means Clustering Algorithm for Intrusion Detection,”. Journal of Network Communications and Emerging Technologies (JNCET) www. jncet. org,Vol. 3(3), 2015.