Online Intrusion Alert Aggregation with GDSM

Online intrusion alert aggregation with generative data stream modeling uses generative modeling approach. It also uses probabilistic methods as one of the type of method. We assume that instances of an attack is similar as a alert producing process. This process may be a random process. This paper summarizes the process of collecting and modeling these attacks on some similar parameters such as source, destination etc. , so that attack from beginning to completion can be identified. This collected and modeled alerts is processed through different types of layers through generative data stream modeling. With some data sets, we will show that it is easy to decrease the number of alerts and count of missing meta alerts is also extremely low. Also we show that generation of meta alerts having delay of only few seconds even though first alert is produced already. Also we send these meta alerts on registered mobile so that admin will get messages as soon as possible.