Attacks are categorized into the following categories: Denial of Service (DoS) attacks, Probe and Compromise (these attacks are presented with data grouped into two subcategories: Remote to Local - R2L
and User to Root - U2R.
(Remote to Local): a type of attack that is performed to access a particular network address remotely illegally.
One of our previous works  was dealing with the same type of control charts (CUSUM and EWMA) which were applied on the TCP packets for R2L
NSL_KDD training data set consists of 125973 records, from which 67343 are labelled as normal and the rest of the records are labelled as attacks: denial-of-service (DOS), surveillance and other probing (PROB), unauthorized access from a remote to local host (R2L
) or unauthorized access to local super user (U2R).
He tested with machine-learning algorithms to find efficient SMOTE ratios of rare classes such as U2R, R2L
, and Probe.
Hackers start to probe every system to analyze different vulnerabilities; after the vulnerabilities are targeted, hackers try to get primary control by remote-to-local (R2L
Each instance in NSL-KDD dataset is a TCP/IP connection record depicted by 41 different features and classified as one of the following classes: normal event, denial of service (DoS) attack, probe attack, user to root (U2R) attack, and remote to local (R2L
Attacks such as U2R and R2L
are generally embedded because they do not have frequent sequential patterns in data records like DoS attacks.
The time response of the UEGO sensor is defined as the time required to move by a precalibrated amount after injectors start turning off (at entry, R2L
) or start turning on (at exit, L2R) The algorithm in Fig.
However, poor detection rate of these algorithms on U2R and R2L
attacks has been attributed to the few representations in the training dataset.
Attacks in the KDDCup'99 dataset can be categorized into four main categories : Remote to Local (R2L
), User to Root (U2R), Probing, and Denial of Service (DOS).
Jain, "Improving intrusion detection system based on KNN and KNN-DS with detection of U2R, R2L
attack for network probe attack detection," International Journal of Scientific Research in Science, Engineering and Technology, vol.