Research on Preprocessing Technique of Alert Aggregation

Abstract

In order to solve the problems caused by repetitive IDS alerts, an adaptive alert aggregation approach is proposed in this paper. According to the corresponding alert types, the stay times of aggregate alerts in the buffer area can be adjusted automatically so that the repetitive alerts can be aggregated effectively. The experiments results indicate that by using the adaptive alert aggregation model, the problems caused by repetitive alerts are solved, and a balance between alert amount and alert type is achieved at the same time. As a result, the adaptive alert aggregation approach not only can provide a strong support for the further alert processing in IDAM &IRS but also can balance the speed and security of a network system.