A Systematic Mapping Study on Intrusion Alert Analysis in Intrusion Detection Systems

Abstract

Intrusion alert analysis is an attractive and active topic in the area of intrusion detection systems. In recent decades, many research communities have been working in this field. The main objective of this article is to achieve a taxonomy of research fields in intrusion alert analysis by using a systematic mapping study of 468 high-quality papers. The results show that there are 10 different research topics in the field, which can be classified into three broad groups: pre-processing, processing, and post-processing. The processing group contains most of the research works, and the post-processing group is newer than others.