Anomaly intrusion detection is an important issue in computer network security. As a step of data preprocessing, attribute normalization is essential to detection performance. However, many anomaly detection methods do not normalize attributes before training and detection. Few methods consider to normalize the attributes but the question of which normalization method is more effective still remains. In this paper, we introduce four different schemes of attribute normalization to preprocess the data for anomaly intrusion detection. Three methods, k-NN, PCA as well as SVM, are then employed on the normalized data as well as on the original data for comparison of the detection results. KDD Cup 1999 data as well as a real data set collected in our department are used to evaluate the normalization schemes and the detection methods. The systematical evaluation results show that the process of attribute normalization improves a lot the detection performance. The statistical normalization scheme is the best choice if the data set is large. The merits and demerits of the detection methods k-NN, PCA and SVM are also analyzed and discussed in this paper to suggest their suitable detection environments.