Provided by: International Journal on Computer Science and Technology (IJCST)
Meta-alerts are the basis for reporting to security experts or for communication within a distributed intrusion detection system. With three benchmark data sets, the authors demonstrated that it is possible to achieve reduction rates of up to 99.96 percent while the number of missing meta-alerts is extremely low. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance. Meta-alerts can be generated for the clusters that contain all the relevant information whereas the amount of data (i.e., alerts) can be reduced substantially.