
Alert Aggregation Agent

Journal: International Journal of Engineering Sciences & Research Technology (IJESRT) (Vol.3, No. 3)

Publication Date:

Authors : ; ;

Page : 1749-1755

Keywords : Intrusion detection; alert aggregation; generative modeling; data stream algorithm


Abstract

An important subtask of an intrusion detection technique is aggregating alerts. The goal of alert aggregation is to identify and cluster the different alerts belonging to a specific attack instance that has been initiated by an attacker at a certain point in time. Meta-alerts may then be the basis for reporting to security experts or for communication within a distributed intrusion detection system. Alert aggregation is based on a dynamic, probabilistic model of the current attack situation; it can be regarded as a data stream version of a maximum likelihood approach for the estimation of the model parameters. Meta-alerts are generated with a delay of typically only a few seconds after observing the first alert belonging to a new attack instance. We make the system more efficient in identifying intrusion alerts, and we extend this work by sending the alerts as messages to the network administrator who governs the network or intrusion detection system.

Last modified: 2014-06-17 22:24:03