Alert Aggregation Based Pattern Classifier for Effective Network Intrusion Detection System

Alert aggregation is an important subtask of intrusion detection. The goal is to identify and cluster the different alerts, produced by low-level intrusion detection systems, that belong to a specific attack instance initiated by an attacker at a certain point in time. A novel technique for online alert aggregation, based on a dynamic, probabilistic model of the current attack situation, is presented. It can essentially be regarded as a data stream version of a maximum likelihood approach for estimating the model parameters. Detecting intrusions in networks has become one of the most critical tasks in preventing their misuse by attackers. The rapid increase in network traffic and attacks has caused intrusion detection systems to fail in terms of accuracy and efficiency in many situations. Present networks and enterprises follow a layered defence approach to ensure security at different access levels, using a variety of tools such as network surveillance, perimeter access control, firewalls, network, host and application intrusion detection systems, data encryption and others. In this traditional layered defence approach, only a single system is employed at each layer, and it is expected to detect attacks at that particular location. The main goal of this approach to intrusion detection is to achieve high accuracy and efficiency.