ZHOU Fang, YU Zhen, ZHENG Xue-feng. Calculation method for alert credibility based on peer correlation[J]. Chinese Journal of Engineering, 2011, 33(11): 1424-1429. DOI: 10.13374/j.issn1001-053x.2011.11.021

Calculation method for alert credibility based on peer correlation

  • Most intrusion detection systems produce large amounts of alert information, which affects system management to some extent, leads to a high misstatement rate, and thereby influences intrusion detection. To solve this problem, a calculation method for alert credibility based on peer correlation is proposed for P2P overlay networks, in which a peer that receives a series of intrusion alarms must correlate them in order to integrate the alarm information and extract the effective alarms. According to the object being correlated, peer correlation comprises alert correlation and trust correlation. Alert correlation is used to judge the effectiveness of intrusion alert information, and trust correlation is used to measure the credibility of the peer that produced the alarm. A correlation algorithm is also given. Simulations show that the dual correlation algorithm can improve the accuracy of intrusion detection alerts.