Real Time Intrusion Alert Aggregation for Distributed Intrusion Detection System and Prevention of Attacks

Abstract: Real time intrusion alert aggregation is a concept of aggregating intrusion alerts which are generated in real time environment. The System present a real time intrusion alert aggregation strategy for distributed system. Organization use different intrusion detection System to detects unauthorized activities and different attack performed by intruder but a lot of alert is generated. Security personnel are confused with bulk of alerts. This makes them difficult to take decision immediately. They take a lot of time to analyse the alerts. The proposed system generates meta-alerts on real time alert data. IDS system cluster similar alerts and form one Meta alert and that Meta alert is send to admin by email. System consists of multiple IDS Server (IDS) and multiple Client Systems over a network. All IDS communicates with each other and central server. IDS stores alerts in central IDS Server. Central IDS server analysis all alerts which are stored in database and shows different types of attack instance occurred on system and generates Reports.

Keywords: IDS, Intrusion, Alert, Real Time Alert Aggregation, Attack, DIDS.