Provided by: International Journal of Emerging Technology and Advanced Engineering (IJETAE)
Intrusion Detection System (IDS) technology is an important component in designing a secure environment. Alert aggregation is an important subtask of intrusion detection. Its goal is to identify and cluster the different alerts produced by low-level intrusion detection systems, firewalls, etc. that belong to a specific attack instance initiated by an attacker at a certain point in time. Meta-alerts can then be generated for these clusters that contain all the relevant information, while the amount of data (i.e., the number of alerts) is reduced substantially. Distributed IDSs built on fuzzy genetics-based learning algorithms are the next logical level for IDS systems to move to.
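As an added illustration (not code from the paper): a minimal alert aggregator that merges alerts sharing the same signature, source and destination into one meta-alert as long as they arrive within a time window, and opens a new attack instance when the gap is larger. The sensor names, addresses, timestamps and the 60-second window are constructed values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample alerts from hypothetical low-level sensors
# (two NIDS sensors and a firewall); values are made up for this example.
SAMPLE_ALERTS = [
    # (timestamp_seconds, sensor, signature, src_ip, dst_ip)
    (100, "nids-1", "port-scan", "10.0.0.5", "192.168.1.10"),
    (103, "nids-1", "port-scan", "10.0.0.5", "192.168.1.10"),
    (107, "fw-1", "port-scan", "10.0.0.5", "192.168.1.10"),
    (150, "nids-2", "ssh-bruteforce", "10.0.0.9", "192.168.1.20"),
    (152, "nids-2", "ssh-bruteforce", "10.0.0.9", "192.168.1.20"),
    (400, "nids-1", "port-scan", "10.0.0.5", "192.168.1.10"),  # gap > window: new instance
]


@dataclass
class MetaAlert:
    """One attack instance: everything relevant from its member alerts."""
    signature: str
    src_ip: str
    dst_ip: str
    first_seen: int
    last_seen: int
    count: int = 0
    sensors: set = field(default_factory=set)


def aggregate(alerts, window: int = 60) -> List[MetaAlert]:
    """Cluster raw alerts into attack instances and return the meta-alerts.

    Alerts with the same (signature, src_ip, dst_ip) join the open cluster
    for that key if they arrive within `window` seconds of its last alert;
    otherwise the old cluster is closed and a new instance is opened.
    """
    open_clusters: Dict[Tuple[str, str, str], MetaAlert] = {}
    finished: List[MetaAlert] = []
    for ts, sensor, sig, src, dst in sorted(alerts):  # process in time order
        key = (sig, src, dst)
        cluster = open_clusters.get(key)
        if cluster is not None and ts - cluster.last_seen > window:
            finished.append(cluster)  # too much time passed: close this instance
            cluster = None
        if cluster is None:
            cluster = MetaAlert(sig, src, dst, first_seen=ts, last_seen=ts)
            open_clusters[key] = cluster
        cluster.last_seen = ts
        cluster.count += 1
        cluster.sensors.add(sensor)
    finished.extend(open_clusters.values())
    return finished
```

Running it on the sample turns six raw alerts into three meta-alerts, each recording the time span, alert count and the set of sensors that contributed.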