Network Attack Detection Off/Online Alert Aggregation with Probabilistic Data Stream Approach
Network intrusion detection faces a number of challenges: an intrusion detection system must reliably detect malicious activity in a network, and it must perform efficiently enough to cope with the large volume of network traffic. In this paper, the authors address three issues: network attack identification, online or offline alert aggregation, and a probabilistic data stream approach. The goal is to identify and cluster the different alerts that belong to a specific attack instance, i.e. one initiated by an attacker at a certain point in time. The resulting aggregated alerts can then serve as the basis for reporting to security experts or network administrators, or for communication within a distributed network attack detection system.