A distance based algorithm for network anomaly detection using initial classification of ‘protocol type’ attribute

With the increased use of Internet and Internet of Things (IoT), data is being shared/generated instantaneously between/by various devices that range from small sensors to various appliances. Though this offers lots of tangible benefits, there are certain concerns such as the requirement of faster networks, higher bandwidth and huge storage etc., are there and the major concern is security of the data. The rate of information generation/exchange has increased the significance secure networks. As the network speed and bandwidth are ever increasing, Anomaly detection has attracted the attention of researchers to overcome the difficulties faced in signature based intrusion detection where detecting new attacks are not possible and the other factors which affect intrusion detection such as detection rate and the time required to detect intrusions. In this study a novel algorithm for network anomaly detection based on distance and initial classification of data based on 'protocol type' is proposed. The algorithm is tested with Kyoto University's 2006+ Benchmark dataset (new version of data). The results of the proposed algorithm outperform all the known/commonly used classification algorithms with respect to Detection Rate, False Alarm Rate, Recall and F-score.