Towards using games theory to detect new U2R attacks

Abstract

In this paper we focused on proving that the linear programming model to detect new user to root (U2R) attacks cited in Beghdad R (Comput Commun 32:1104–1110, 2009 [1]), can be also modeled using games theory (GT). To do that, we will transform the whole linear model Beghdad R (Comput Commun 32:1104–1110, 2009 [1]) to a game theory model, and we will use the KDD99 (http://www.kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, [2]) dataset to prove that we will obtain the same detection rates (DRs). In Beghdad R (Comput Commun 32:1104–1110, 2009 [1]), the author formulated the problem of intrusion detection as a linear programming system (LPS) to test if an unknown behavior is close enough to a known behavior (attack or normal) such as we can conclude that it belongs to its class. Simulations results show that we obtained exactly the same results as those cited in Beghdad R (Comput Commun 32:1104–1110, 2009 [1]), and that our approach outperforms a set of recent approaches focusing on U2R attacks detection.