A Novel Online Intrusion Detection System Based on Alert Aggregation with Data Stream and Generative Modeling
An Intrusion Detection System (IDS) is a device that provides protective measures for public and private networks and helps guarantee information security. At present, most IDSs are quite reliable in detecting suspicious intrusion attacks, but the intrusion actions caused by a single attack instance of a particular type often result in hundreds or even thousands of alerts instead of a single alert. This creates ambiguity for the network security engineer. The primary goal of this paper is to identify and cluster the different alerts belonging to a specific attack instance using the concept of alert aggregation. In this method, different types of alerts are clustered into different groups called meta-alerts.
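To make the idea of alert aggregation concrete, the following Python example is added here; it is not code from the paper and does not implement the paper's data-stream or generative-modeling method. It assumes a deliberately simple grouping rule (alerts with the same IDS signature and the same source address, separated by no more than an inactivity window, belong to one attack instance), processes alerts one at a time as a stream, expires stale groups to keep memory bounded, and emits one meta-alert per group. The alert stream is constructed inline: a port scan that fires 200 raw alerts, one unrelated injection alert, and a second scan from the same source much later.

```python
from dataclasses import dataclass, field


@dataclass
class Alert:
    """One raw IDS alert (constructed sample format, not the paper's)."""
    ts: float        # seconds since the start of the stream
    signature: str   # name of the IDS rule that fired
    src: str         # source address
    dst: str         # destination address


@dataclass
class MetaAlert:
    """One aggregate that stands for a single attack instance."""
    signature: str
    src: str
    first_seen: float
    last_seen: float
    count: int = 0
    targets: set = field(default_factory=set)


class OnlineAggregator:
    """Streams raw alerts into meta-alerts.

    Hypothetical grouping key: (signature, src). A group stays open while
    alerts keep arriving within `window` seconds of its last alert; after
    that it is closed and a later alert with the same key opens a new group.
    """

    def __init__(self, window: float):
        self.window = window
        self.open: dict = {}     # key -> MetaAlert still accepting alerts
        self.closed: list = []   # finished meta-alerts

    def _expire(self, now: float) -> None:
        # Close every group that has been silent longer than the window,
        # so the set of open groups never grows with the length of the stream.
        stale = [k for k, m in self.open.items() if now - m.last_seen > self.window]
        for k in stale:
            self.closed.append(self.open.pop(k))

    def feed(self, a: Alert) -> None:
        self._expire(a.ts)
        key = (a.signature, a.src)
        meta = self.open.get(key)
        if meta is None:
            meta = MetaAlert(a.signature, a.src, a.ts, a.ts)
            self.open[key] = meta
        meta.last_seen = a.ts
        meta.count += 1
        meta.targets.add(a.dst)

    def flush(self) -> list:
        """End of stream: close all open groups and return every meta-alert."""
        result = self.closed + list(self.open.values())
        self.closed, self.open = [], {}
        return sorted(result, key=lambda m: m.first_seen)


def sample_stream() -> list:
    """Constructed sample: one scan (200 alerts), one injection alert, one later scan."""
    alerts = [Alert(i * 0.5, "PORTSCAN", "10.0.0.5", f"10.0.1.{i % 50}") for i in range(200)]
    alerts.append(Alert(30.0, "SQL_INJECTION", "10.0.0.9", "10.0.1.7"))
    alerts += [Alert(500.0 + i, "PORTSCAN", "10.0.0.5", "10.0.1.99") for i in range(3)]
    return sorted(alerts, key=lambda a: a.ts)


def aggregate_sample(window: float = 60.0):
    """Run the sample stream through the aggregator; return (raw count, meta-alerts)."""
    agg = OnlineAggregator(window)
    stream = sample_stream()
    for a in stream:
        agg.feed(a)
    return len(stream), agg.flush()


if __name__ == "__main__":
    raw, metas = aggregate_sample()
    print(f"{raw} raw alerts -> {len(metas)} meta-alerts")
    for m in metas:
        print(f"{m.signature} from {m.src}: {m.count} alerts, "
              f"{len(m.targets)} targets, t={m.first_seen}..{m.last_seen}")
```

The 204 raw alerts collapse to three meta-alerts, and the 200-alert scan becomes a single line that also records how many distinct targets were touched. Two design points carry over to any real aggregator: the grouping key decides what "one attack instance" means (a key that ignores the source address would merge two different scanners, one that includes the destination would split a scan into one group per target), and the inactivity window trades memory and latency against the risk of splitting a slow attack into several meta-alerts.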