Data Stream Intrusion Alert Aggregation for Distributed Heterogeneous Sources
This paper presents an efficient intrusion alert aggregation strategy for distributed heterogeneous sources. The primary objective is to generate meta-alerts with a probabilistic technique that supports both offline and online alert aggregation. The proposed approach has two distinctive properties. First, it is a generative modeling approach using probabilistic methods: attack instances are assumed to be random processes producing alerts, and these processes are modeled using approximate maximum likelihood parameter estimation techniques, so that both the beginning and the completion of attack instances can be detected. Second, it is a data stream approach, i.e., each observed alert is processed only a few times; thus it can be applied online and under harsh timing constraints.
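As an added illustration of the approach sketched above (example code, not the paper's own implementation), the following single-pass aggregator treats each attack instance as a process whose alert attributes follow per-attribute categorical distributions with running, smoothed maximum-likelihood estimates; an alert joins the most likely instance or starts a new one, and an instance is declared complete after a period of silence. The attribute set, the thresholds, the timeout rule and the sample alert stream are assumptions chosen for this example.

```python
import math
from collections import Counter
ATTRS = ("sensor", "src", "dst_port")   # assumption: alert attributes that are modelled
PSEUDO = 0.5          # assumption: smoothing pseudo-count so unseen values stay possible
NEW_INSTANCE = -4.0   # assumption: log-likelihood floor; below it a new instance begins
TIMEOUT = 30.0        # assumption: seconds of silence after which an instance is complete

class Instance:
    def __init__(self, alert):
        self.counts = {a: Counter() for a in ATTRS}
        self.n, self.first = 0, alert["t"]
        self.absorb(alert)
    def loglik(self, alert):
        # log P(alert | instance) under running ML estimates (relative frequencies)
        total = 0.0
        for a in ATTRS:
            c = self.counts[a]
            k = len(c) + 1                    # values seen so far plus one "unseen" bucket
            total += math.log((c[alert[a]] + PSEUDO) / (self.n + PSEUDO * k))
        return total
    def absorb(self, alert):
        for a in ATTRS:
            self.counts[a][alert[a]] += 1
        self.n, self.last = self.n + 1, alert["t"]
    def meta_alert(self):
        return {"start": self.first, "end": self.last, "n_alerts": self.n,
                "src": self.counts["src"].most_common(1)[0][0], "sensors": sorted(self.counts["sensor"])}

def aggregate(stream):
    """Single pass over the alert stream; returns meta-alerts in completion order."""
    active, done = [], []
    for alert in stream:
        for inst in [i for i in active if alert["t"] - i.last > TIMEOUT]:  # completion
            done.append(inst.meta_alert()); active.remove(inst)
        best, best_ll = None, NEW_INSTANCE
        for inst in active:                   # assign to the most likely active instance
            ll = inst.loglik(alert)
            if ll > best_ll:
                best, best_ll = inst, ll
        if best is not None:
            best.absorb(alert)
        else:                                 # beginning of a new attack instance
            active.append(Instance(alert))
    done.extend(i.meta_alert() for i in active)   # flush what is still open at end of stream
    return done

SAMPLE_ALERTS = [dict(zip(("t",) + ATTRS, r)) for r in [  # constructed sample stream
    (0, "snort", "10.0.0.5", 22), (2, "fw", "10.0.0.5", 22), (3, "snort", "10.0.0.9", 80),
    (4, "snort", "10.0.0.5", 22), (5, "fw", "10.0.0.9", 80), (6, "fw", "10.0.0.5", 22),
    (7, "snort", "10.0.0.9", 80), (100, "snort", "10.0.0.5", 22)]]
```

Running `aggregate(SAMPLE_ALERTS)` yields three meta-alerts: the two interleaved scans reported by both sensors are separated into instances of 4 and 3 alerts, and the late alert at t=100 opens a third instance because the earlier ones have timed out.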