back,buffer_overflow,ftp_write,guess_passwd,imap,ipsweep,land,loadmodule,multihop,neptune,nmap,normal,perl,phf,pod,portsweep,rootkit,satan,smurf,spy,teardrop,warezclient,warezmaster.

<<34 continuous + 7 symbolic = 41 attributes>>
01) duration: continuous.                     => pca-03
02) protocol_type: symbolic.                  => pca-10
03) service: symbolic.                        => pca-08
04) flag: symbolic.                           => pca-09
05) src_bytes: continuous.                    => pca-01
06) dst_bytes: continuous.                    => pca-02
07) land: symbolic.
08) wrong_fragment: continuous.
09) urgent: continuous.
10) hot: continuous.                          => pca-12
11) num_failed_logins: continuous.
12) logged_in: symbolic.
13) num_compromised: continuous.              => pca-13
14) root_shell: continuous.
15) su_attempted: continuous.
16) num_root: continuous.                     => pca-11
17) num_file_creations: continuous.
18) num_shells: continuous.
19) num_access_files: continuous.
20) num_outbound_cmds: continuous.
21) is_host_login: symbolic.                  => pca-05
22) is_guest_login: symbolic.                 => pca-04
23) count: continuous.                        => pca-19
24) srv_count: continuous.                    => pca-17
25) serror_rate: continuous.
26) srv_serror_rate: continuous.
27) rerror_rate: continuous.                  => pca-16
28) srv_rerror_rate: continuous.
29) same_srv_rate: continuous.
30) diff_srv_rate: continuous.                => pca-07
31) srv_diff_host_rate: continuous.           => pca-06
32) dst_host_count: continuous.               => pca-15
33) dst_host_srv_count: continuous.
34) dst_host_same_srv_rate: continuous.       => pca-14
35) dst_host_diff_srv_rate: continuous.
36) dst_host_same_src_port_rate: continuous.
37) dst_host_srv_diff_host_rate: continuous.  => pca-18
38) dst_host_serror_rate: continuous.
39) dst_host_srv_serror_rate: continuous.
40) dst_host_rerror_rate: continuous.
41) dst_host_srv_rerror_rate: continuous.
<<22 types>>
--------------------------------------------------
    type              category   code used in my normalized-all.data
--------------------------------------------------
01) ipsweep           probe      206
02) nmap              probe      211
03) portsweep         probe      215
04) satan             probe      217
05) back              dos        201
06) land              dos        207
07) neptune           dos        210
08) pod               dos        214
09) smurf             dos        218
10) teardrop          dos        220
11) buffer_overflow   u2r        202
12) loadmodule        u2r        208
13) perl              u2r        212
14) rootkit           u2r        216
15) ftp_write         r2l        203
16) guess_passwd      r2l        204
17) imap              r2l        205
18) multihop          r2l        209
19) phf               r2l        213
20) spy               r2l        219   no record
21) warezclient       r2l        221   no record
22) warezmaster       r2l        222

Other attacks in the original data, with no description of which categories they belong to:

snmpgetattack.   300
named.           301
mailbomb         302
xlock            303
sendmail         304
appache2         305
processtable     306
xsnoop           307
xterm            308
phf              600
==========
normal           100