Design and Research of an Alert Clustering Algorithm Based on Search Tree and an Alert Classified Method Based on Bayesian Classifier
基于搜索树的告警高效聚类算法和Bayes分类器的设计和研究

How to effectively find out valuable abnormal behaviors from the numerous alarms and logs produced by all kinds of security products everyday, all of them must be analyzed and the true and non-redundant information should be extracted, which is helpful to find the real problem and then correcting actions can be taken to protect the safety of systern. This is one of the biggest challenges which IDS is facing. In this paper, taking into account search tree which can decrease searching space and overlay vector, an alert clustering algorithm based on search tree is presented. So as to classify new alert and can have correlation with other alert, an alert classified method based on Bayesian classifier is emphatically proposed. At last, KDD Cup 1999 Data is used to evaluate the performance of algorithm, and the experiment results show the high efficiency of the algorithm. The applications of them to Multi-information-source intelligential security auditing system indicate that they will have a good future for implementation.