Intrusion Detection Systems (IDS) produce alerts. The quality of those alerts is usually too low.
To improve that quality, filtering software is required.
You will have to:
a) Use the 2nd week DARPA 1999 log file (of around 40,000 alerts).
b) Implement software in Java with a user interface that can parse that file and filter the alerts. The software shall be modular: each filtering technique should exist in a file that implements a Java interface that you will specify, so that implementing new techniques is straightforward.
c) Implement the attached paper, so you will implement the three components.
For each component you will have to define the:
+ **input** (maybe the log file, or even better a data structure, an object that you will define, that will contain the log data)
+ **output**
+ **type**: NRA|HAF|UFP
+ a method called validate() that will check whether the connections are correct
+ a method called execute() that will run the algorithm
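One possible shape for the component contract listed above, as an added example that is not part of the original brief. The `Alert` fields, the names `AlertFilter`, `FrequencyCap` and `run`, and the reading of validate() as "the input is wired and usable" are assumptions; `FrequencyCap` is a stand-in technique, not an algorithm from the attached paper. Requires Java 16 or later.

```java
import java.util.*;
import java.util.stream.*;

public class AlertFilterDemo {
    // Assumed alert shape; the brief leaves the data structure to the implementer.
    record Alert(long epochSec, String srcIp, String dstIp, String signature) {}
    enum FilterType { NRA, HAF, UFP }   // the three component types named in the brief

    interface AlertFilter {
        FilterType type();
        void setInput(List<Alert> in);
        List<Alert> output();
        boolean validate();             // assumed meaning: input is wired and usable
        void execute();
    }

    // Stand-in technique (NOT the paper's algorithm): drop any signature
    // that fires more than maxCount times. Labelled HAF only for this demo.
    static class FrequencyCap implements AlertFilter {
        private final int maxCount;
        private List<Alert> in, out = List.of();
        FrequencyCap(int maxCount) { this.maxCount = maxCount; }
        public FilterType type() { return FilterType.HAF; }
        public void setInput(List<Alert> in) { this.in = in; }
        public List<Alert> output() { return out; }
        public boolean validate() { return in != null && maxCount > 0; }
        public void execute() {
            Map<String, Long> counts = in.stream()
                .collect(Collectors.groupingBy(Alert::signature, Collectors.counting()));
            out = in.stream().filter(a -> counts.get(a.signature()) <= maxCount).toList();
        }
    }

    // Chain components: each one's output becomes the next one's input,
    // and a component that fails validate() stops the run before execute().
    static List<Alert> run(List<Alert> alerts, List<AlertFilter> chain) {
        List<Alert> current = alerts;
        for (AlertFilter f : chain) {
            f.setInput(current);
            if (!f.validate()) throw new IllegalStateException(f.type() + " is not wired correctly");
            f.execute();
            current = f.output();
        }
        return current;
    }

    public static void main(String[] args) {
        // Constructed sample alerts, not taken from the DARPA 1999 data.
        List<Alert> sample = List.of(
            new Alert(1, "10.0.0.5", "10.0.0.9", "ICMP PING"),
            new Alert(2, "10.0.0.5", "10.0.0.9", "ICMP PING"),
            new Alert(3, "10.0.0.7", "10.0.0.9", "FTP login failed"));
        System.out.println(run(sample, List.of(new FrequencyCap(1))));
    }
}
```

A new technique is added by writing one more class that implements `AlertFilter` and appending it to the chain passed to `run`.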
The 2nd week DARPA 1999 database can be fetched from here: [[login to view URL]communications/ist/corpora/ideval/data/[login to view URL]][1]
The results shall be graphical. You should use a very nice sortable/filtering JTable library called [[login to view URL]glazedlists/][2]