
A Novel Algorithm for Network Anomaly Detection Using Adaptive Machine Learning

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 564)


Threats on the Internet pose a high risk to information security, and network anomaly detection has become an important area of information security. Data mining algorithms are used to find patterns and characteristic rules in large volumes of data and are widely used in Network Anomaly Detection Systems (NADS). Network traffic has several attributes of a qualitative and quantitative nature, which need to be treated or normalized differently. In general, a model is built from the existing data, the system is trained with the model, and it is then used to detect intrusions. The major issue with such a NADS is that network traffic changes over time; in such cases, the system should be trained automatically or retrained. This paper presents an adaptive algorithm that is trained according to the network traffic. The presented algorithm is tested with Kyoto University's 2006+ Benchmark dataset. The results show that the proposed algorithm outperforms all the known or commonly used classifiers and is well suited to network anomaly detection.


  • Intrusion
  • Anomaly
  • Network traffic
  • Normalization
  • Performance metrics
  • Adaptive algorithm
  • Kyoto 2006+
  • Naïve Bayes classification





Corresponding author

Correspondence to D. Ashok Kumar.


Copyright information

© 2018 Springer Nature Singapore Pte Ltd.


Cite this paper

Ashok Kumar, D., Venugopalan, S.R. (2018). A Novel Algorithm for Network Anomaly Detection Using Adaptive Machine Learning. In: Saeed, K., Chaki, N., Pati, B., Bakshi, S., Mohapatra, D. (eds) Progress in Advanced Computing and Intelligent Engineering. Advances in Intelligent Systems and Computing, vol 564. Springer, Singapore.


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-6874-4

  • Online ISBN: 978-981-10-6875-1

  • eBook Packages: Engineering, Engineering (R0)