Date Added: Sep 2010
In this paper, the authors present practical experience from implementing an alert fusion mechanism in their project. After investigating most existing alert fusion systems, they found that the current body of work is either mired in insecure design or rarely deployed because of its complexity. As their experimental analysis confirms, unsuitable mechanisms can easily be submerged by an abundance of useless alerts. Even with methods that achieve a high fusion rate and low false positives, attack is still possible. To find a solution, they analyzed a series of alerts generated from well-known datasets as well as realistic alerts from the Australian Honey-Pot.