Cost-Sensitive Access Control for Detecting Remote to Local (R2L) and User to Root (U2R) Attacks

International Journal of Computer Trends and Technology (IJCTT)          
© 2017 by IJCTT Journal
Volume-43 Number-2
Year of Publication : 2017
Authors : Doaa Hassan
DOI : 10.14445/22312803/IJCTT-V43P118


Doaa Hassan  "Cost-Sensitive Access Control for Detecting Remote to Local (R2L) and User to Root (U2R) Attacks". International Journal of Computer Trends and Technology (IJCTT) V43(2):124-129, January 2017. ISSN:2231-2803. Published by Seventh Sense Research Group.

Abstract -
A remote to local (R2L) attack is widely known to be launched by an attacker to gain unauthorized access to a victim machine in the network. Similarly, a user to root (U2R) attack is usually launched to illegally obtain root privileges while legally accessing a local machine. One approach to detecting both attacks is to formulate each as a binary classification problem: deciding whether to accept or reject access requests from remote sites to a local user machine, or whether to accept or reject attempts to access as root. However, the cost of an incorrect decision that accepts an illegitimate access request, in the form of the damage it might lead to, is higher than the cost of the opposite error, rejecting a valid access request. For this reason, in this paper we handle both problems in a cost-sensitive learning framework. We investigate how various cost-sensitive machine learning methods can be used to produce cost-sensitive detection models for detecting illegitimate remote access requests and access-as-root requests. These models are optimized for a user-defined cost matrix. Empirical experiments show that the resulting cost-sensitive detection models are effective in reducing the overall cost of detecting illegal remote access and access as root.
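
An added illustration of the cost-sensitive decision the abstract describes, not code from the paper: given a classifier's estimated probability that a request is illegitimate, pick the accept/reject decision with the lowest expected cost under a user-defined cost matrix. The cost values, scores and labels are constructed, and the minimum-expected-cost rule shown is one standard cost-sensitive technique, not necessarily one the paper evaluates.

```python
# Added example: minimum-expected-cost accept/reject decisions.
# All costs, scores and labels below are constructed for illustration.

# COST[decision][actual class]; classes: 0 = legitimate, 1 = illegitimate.
COST = {
    "accept": {0: 0.0, 1: 10.0},  # accepting an illegitimate request: damage
    "reject": {0: 1.0, 1: 0.0},   # rejecting a valid request: inconvenience
}

def expected_cost(decision, p_illegit, cost=COST):
    """Expected cost of a decision given P(request is illegitimate)."""
    return (1.0 - p_illegit) * cost[decision][0] + p_illegit * cost[decision][1]

def decide(p_illegit, cost=COST):
    """Choose the cheaper decision; ties go to reject (the safer side)."""
    if expected_cost("reject", p_illegit, cost) <= expected_cost("accept", p_illegit, cost):
        return "reject"
    return "accept"

def cost_threshold(cost=COST):
    """Probability at which reject and accept have equal expected cost."""
    false_reject = cost["reject"][0] - cost["accept"][0]
    false_accept = cost["accept"][1] - cost["reject"][1]
    return false_reject / (false_reject + false_accept)

def naive_rule(p_illegit):
    """Cost-blind baseline: reject only when illegitimate is more likely."""
    return "reject" if p_illegit >= 0.5 else "accept"

def total_cost(requests, rule, cost=COST):
    """Sum the realised cost of a decision rule over labelled requests."""
    return sum(cost[rule(p)][actual] for p, actual in requests)

# Constructed sample: (classifier score P(illegitimate), true class).
REQUESTS = [
    (0.02, 0), (0.05, 0), (0.12, 0), (0.30, 0), (0.60, 0),
    (0.08, 1), (0.20, 1), (0.45, 1), (0.70, 1), (0.95, 1),
]

if __name__ == "__main__":
    print("reject when P(illegitimate) >= %.4f" % cost_threshold())
    print("cost-blind total cost    :", total_cost(REQUESTS, naive_rule))
    print("cost-sensitive total cost:", total_cost(REQUESTS, decide))
```

With a false accept weighted ten times a false reject, the decision threshold drops from 0.5 to 1/11, trading extra rejected valid requests for fewer accepted illegitimate ones.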

Keywords -
Cost-sensitive learning methods, R2L attack, U2R attack.