Research Article

Intrusion Alert Aggregation System in Distributed Networks

Published in January 2014 by V. Aruna Devi, Prashant Yadav, S. Bhuvaneswari
National Conference on Future Computing 2014
Foundation of Computer Science USA
NCFC2014 - Number 1
January 2014
Authors: V. Aruna Devi, Prashant Yadav, S. Bhuvaneswari

V. Aruna Devi, Prashant Yadav, S. Bhuvaneswari. Intrusion Alert Aggregation System in Distributed Networks. National Conference on Future Computing 2014. NCFC2014, 1 (January 2014), 13-17.

@article{
author = { V. Aruna Devi, Prashant Yadav, S. Bhuvaneswari },
title = { Intrusion Alert Aggregation System in Distributed Networks },
journal = { National Conference on Future Computing 2014 },
issue_date = { January 2014 },
volume = { NCFC2014 },
number = { 1 },
month = { January },
year = { 2014 },
issn = 0975-8887,
pages = { 13-17 },
numpages = 5,
url = { /proceedings/ncfc2014/number1/14790-1404/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 National Conference on Future Computing 2014
%A V. Aruna Devi
%A Prashant Yadav
%A S. Bhuvaneswari
%T Intrusion Alert Aggregation System in Distributed Networks
%J National Conference on Future Computing 2014
%@ 0975-8887
%V NCFC2014
%N 1
%P 13-17
%D 2014
%I International Journal of Computer Applications
Abstract

A novel technique is proposed to aggregate the alerts produced when an intruder appears in a distributed network. Clustering the different types of alerts becomes an essential task. Meta-alerts are generated from the resulting clusters and carry the relevant details of the attack. The alert aggregation technique is developed as a dynamic, probabilistic model of the attacks observed so far. To cluster the alerts, the sensitive parameters are identified and a generative data stream modelling approach is used. In addition, meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance.
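A simplified illustration of the online aggregation the abstract describes, added here as an example and not code from the paper: each open attack instance is a smoothed categorical model over alert attributes, an incoming alert joins the instance it fits best or opens a new one, and an instance that has gone quiet is closed into a meta-alert summarising the attack. The alert fields, the likelihood-ratio join rule, the thresholds and the sample alerts are assumptions made for this example.

```python
from collections import Counter
# Constructed sample IDS alerts (not from the paper): time in seconds plus clustering attributes.
ALERTS = [
    {"t": 0.0, "src": "10.0.0.5", "dst": "10.0.1.20", "dport": 22, "sig": "ssh-brute"},
    {"t": 1.5, "src": "10.0.0.5", "dst": "10.0.1.20", "dport": 22, "sig": "ssh-brute"},
    {"t": 2.0, "src": "10.0.0.9", "dst": "10.0.1.30", "dport": 80, "sig": "sqli"},
    {"t": 3.2, "src": "10.0.0.5", "dst": "10.0.1.21", "dport": 22, "sig": "ssh-brute"},
    {"t": 4.0, "src": "10.0.0.9", "dst": "10.0.1.30", "dport": 80, "sig": "sqli"},
    {"t": 9.0, "src": "10.0.0.9", "dst": "10.0.1.30", "dport": 443, "sig": "sqli"},
]
ATTRS = ("src", "dst", "dport", "sig")
ALPHA, K = 1.0, 256  # Laplace smoothing constant and assumed alphabet size per attribute


class AttackInstance:
    """One cluster: a smoothed categorical distribution per attribute (simplified generative component)."""
    def __init__(self, alert):
        self.counts = {a: Counter() for a in ATTRS}
        self.n, self.first_t, self.last_t = 0, alert["t"], alert["t"]
        self.add(alert)

    def add(self, alert):
        for a in ATTRS:
            self.counts[a][alert[a]] += 1
        self.n, self.last_t = self.n + 1, alert["t"]

    def ratio(self, alert):
        """Likelihood of the alert under this cluster relative to a uniform background model."""
        r = 1.0
        for a in ATTRS:
            r *= (self.counts[a][alert[a]] + ALPHA) / (self.n + ALPHA * K) * K
        return r

    def meta_alert(self):
        # Summarise the cluster: modal value of each attribute plus count and time span.
        m = {a: self.counts[a].most_common(1)[0][0] for a in ATTRS}
        m.update(count=self.n, first=self.first_t, last=self.last_t)
        return m


def aggregate(alerts, join_threshold=5.0, delay=5.0):
    """Online pass: an alert joins the best-fitting open instance if its ratio clears the
    threshold, else opens a new one; an instance quiet for `delay` seconds becomes a meta-alert."""
    open_instances, metas = [], []
    for alert in sorted(alerts, key=lambda x: x["t"]):
        quiet = [i for i in open_instances if alert["t"] - i.last_t > delay]
        metas.extend(i.meta_alert() for i in quiet)
        open_instances = [i for i in open_instances if i not in quiet]
        best = max(open_instances, key=lambda i: i.ratio(alert), default=None)
        if best is not None and best.ratio(alert) >= join_threshold:
            best.add(alert)
        else:
            open_instances.append(AttackInstance(alert))
    metas.extend(i.meta_alert() for i in open_instances)  # flush what is still open at end
    return metas
```

Running `aggregate(ALERTS)` on the constructed stream yields two meta-alerts, one per attack instance, each reporting the modal attribute values, the alert count and the first/last timestamps.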

Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Detection System, Alert Aggregation, Generative Modelling, Data Stream Algorithm, Meta-Alert, DARPA Dataset