| | Category | Description | Specific attacks included in the training set | Specific attacks included in the test set |
| | DoS | Sending a large number of packets to the server to make it busy, the attacker tries to prevent legitimate users from accessing the server | back, land, Neptune, pod, smurf, teardrop | apache2, mailbomb, processtable |
| | U2R | The attacker accesses the system through a normal user account and then attempts to gain root access to the system using certain vulnerabilities | buffer-overflow, perl, load module, rootkit | httptunnel, ps, sqlattack, xterm |
| | R2L | The attacker can remotely log into the computer and then use the computer’s account and weak password to enter the computer to operate | ftp-write, imap, multihop, phf, guess-passwd, warezclient, spy, warezmaster | sendmail, worm, named, xlock, snmpgetattack, snmpguess, xsnoop |
| | Probe | The attacker purposefully collects information about a computer network to bypass its security controls | ipsweep, Satan, nmap, portsweep | Mscan, saint |
|
|
