Provided by: International Journal on Computer Science and Technology (IJCST)
Network Intrusion Detection System (NIDS) that tries to detect malicious activity such as denial of service attacks, port scan or even attempts to crack into computer by monitoring network traffic. Network Intrusion detection is mainstream to identify alert aggregation and to cluster different alerts produced by low-level intrusion detection systems firewalls etc. Belonging to a specific attack instance which has been initiated by an attacker at a certain point in time, thus, meta-alerts can be generated for the clusters that contain all the relevant information whereas the amount of data (i.e., alerts) can be reduced substantially. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system.