Although detection accuracy is not a major improvement, the significantly reduced false negative rate provides an IDS system with high sensitivity, capable of detecting R2L and U2R attacks, which represent the most dangerous attacks in the training set.
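
Table 3: TUIDS Intrusion Datasets

| Connection type | Type | Training | Testing |
|---|---|---|---|
| Packet Level | Normal | 35043 | 27895 |
| Packet Level | Attack | 397832 | 138370 |
| Packet Level | Total | 432875 | 166265 |
| Flow Level | Normal | 36402 | 16770 |
| Flow Level | Attack | 363729 | 123955 |
| Flow Level | Total | 400131 | 140725 |
| Portscan | Normal | 2445 | 1300 |
| Portscan | Attack | 39215 | 28615 |
| Portscan | Total | 41660 | 29915 |

Table 4: KDD Cup 1999 datasets

| Data sets | DoS | U2R | R2L | Probe | Normal | Total |
|---|---|---|---|---|---|---|
| Corrected KDD | 229853 | 70 | 16347 | 4166 | 60593 | 311029 |
| 10 percent KDD | 391458 | 52 | 1126 | 4107 | 97278 | 494021 |

Table 5: NSL-KDD datasets

| Data sets | DoS | U2R | R2L | Probe | Normal | Total |
|---|---|---|---|---|---|---|

[KDDTrain.
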
Following the methodology described in the previous section, we intend to develop an IDS for the protection of C4I systems against DoS, DDoS, probing, U2R, and R2L attacks.
In this paper, we described various types of attacks that can cause damage to C4I systems in both war and peace situations, including DDoS, DoS, probing, U2R, and R2L attacks.
To be eligible, foreign scientists must meet at least one of the following criteria: 1) at least 2 years of research training experience under an FIC-supported training grant (classified by the D43 and U2R mechanisms); 2) 1 year of such D43 or U2R training experience coupled with 1 year of significant, well-documented, mentored research experience (e.

Characteristics of the training and testing datasets

| Datasets | Training datasets | First testing datasets | Second testing datasets | Third testing datasets |
|---|---|---|---|---|
| Number of overall samples | 97969 | 489844 | 489843 | 311029 |
| Number of normal samples | 19458 | 97278 | 97280 | 60593 |
| Number of abnormal samples | 78511 | 392566 | 392563 | 250436 |
| Number of DoS samples | 77667 | 388338 | 388335 | 229853 |
| Number of R2L samples | 20 | 109 | 110 | 16189 |
| Number of U2R samples | 1 | 4 | 6 | 228 |
| Number of Probe samples | 823 | 4115 | 4112 | 4166 |

Table 3.


| Main category (by results) | Description | DCost | RCost |
|---|---|---|---|
| U2R | Illegal root access is obtained | 100 | 60 |
| R2L | Illegal user access is obtained from outside | 50 | 40 |
| DOS | Denial-of-Service of target is accomplished | 30 | 15 |
| PROBE | Information about the target is gathered | 2 | 7 |
| Normal | Normal events | 0 | 0 |

Table 2: Operation cost metrics.

It is well known that features constructed from the data content of the connections are more important when detecting R2L (Remote to Local) and U2R (User to Root) attack types in the KDD99 intrusion dataset, while time-based and connection-based features are more important for detection of DoS (Denial of Service) and probing attack types.
This study was supported by the Innovative approaches for tuberculosis control in Brazil: Grant #5 U2R TW006883-02, NIH AI66994 Fogarty International Center/USNIH #U2RTW006885 ICOHRTA and Dr.
5 exposed to the behaviors of DoS, Probe, R2L, and U2R
And developed honey pot for intrusive behavior analysis, misuse and some attacking such as probe, DoS, DDoS, R2L (remote to local), U2R (User to Root), evading IDS are performed.

Distribution of the data sets used for training and test

| Category | 10% Training Set | Training Subset | Test Set | Test Subset |
|---|---|---|---|---|
| Normal | 97278 | 986 | 60593 | 4000 |
| Probing | 4107 | 41 | 4166 | 1107 |
| DoS | 391458 | 3961 | 229853 | 13715 |
| U2R | 52 | 1 | 228 | 52 |
| R2L | 1126 | 11 | 16189 | 1126 |
| total | 494021 | 5000 | 311029 | 20000 |

Table 3.