A Novel Method of Alarm Clustering Based Distributed Intrusion Detection

Alarm flooding, caused by multiple detection sensors reporting on the same intrusions, is a well-known problem; to address it, this article proposes a novel online model for alarm clustering and fusion. Based on self-learning, adjustment, and the establishment of meta-alarms through clustering and fusion, the new model classifies and clusters each new alarm and finally fuses it with an existing meta-alarm. Experimental results show that this model brings significant improvements: it dramatically reduces the number of alarms and provides instructive signals for intrusion response. Moreover, the clustering results can be used for further threat evaluation.
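The classify, cluster and fuse loop described in the abstract, as an added illustration that is not the paper's own code: raw alarms from several sensors are processed one at a time and fused online into meta-alarms. The alarm fields, the similarity rule (same signature and target within a time window) and the sample alarms are assumptions made for this example, not details taken from the paper.

```python
from collections import namedtuple
from dataclasses import dataclass

# Raw alarm as reported by one sensor; ts in seconds, alarms arrive in time order.
Alarm = namedtuple("Alarm", "sensor signature src dst ts")

@dataclass
class MetaAlarm:
    signature: str
    dst: str
    srcs: set        # all sources fused into this meta-alarm
    sensors: set     # all sensors that contributed
    first_ts: float
    last_ts: float
    count: int       # raw alarms fused so far
# Assumed fusion rule (not from the paper): a new alarm joins a meta-alarm when
# it carries the same signature and target and arrives within WINDOW seconds
# of the meta-alarm's latest member.
WINDOW = 300.0

def matches(meta: MetaAlarm, a: Alarm, window: float) -> bool:
    return (meta.signature == a.signature and meta.dst == a.dst
            and 0 <= a.ts - meta.last_ts <= window)
def fuse_online(alarms, window: float = WINDOW):
    """Process alarms in arrival order and return the resulting meta-alarms."""
    metas = []
    for a in alarms:
        for m in metas:                       # classify against existing meta-alarms
            if matches(m, a, window):
                m.srcs.add(a.src)             # fuse the alarm into the meta-alarm
                m.sensors.add(a.sensor)
                m.last_ts, m.count = a.ts, m.count + 1
                break
        else:                                 # no match: the alarm seeds a new meta-alarm
            metas.append(MetaAlarm(a.signature, a.dst, {a.src}, {a.sensor},
                                   a.ts, a.ts, 1))
    return metas

def reduction_ratio(alarms, window: float = WINDOW) -> float:
    """Fraction of raw alarms removed by fusion (higher is better)."""
    return 1 - len(fuse_online(alarms, window)) / len(alarms)

# Constructed sample: two sensors report the same scan against one host, plus
# one alarm on another target and one late alarm outside the fusion window.
SAMPLE = [
    Alarm("ids-a", "SCAN", "10.0.0.5", "192.0.2.10", 0),
    Alarm("ids-b", "SCAN", "10.0.0.5", "192.0.2.10", 20),
    Alarm("ids-a", "SCAN", "10.0.0.6", "192.0.2.10", 60),
    Alarm("ids-b", "SCAN", "10.0.0.6", "192.0.2.10", 61),
    Alarm("ids-a", "SCAN", "10.0.0.5", "192.0.2.11", 70),   # different target
    Alarm("ids-a", "SCAN", "10.0.0.5", "192.0.2.10", 500),  # outside the window
]
```

Running `fuse_online(SAMPLE)` yields three meta-alarms in place of six raw alarms; the first one records both sensors and both sources, which is the kind of fused signal an analyst can act on.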