Amir Azimi Alasti Ahrabi, Ahmad Habibizad Navin, Hadi Bahrbegi, Mir Kamal Mirnia, Mehdi Bahrbegi, Elnaz Safarzadeh & Ali Ebrahimi
International Journal of Computer Science and Security, (IJCSS), Volume (4): Issue (6) 589

A New System for Clustering and Classification of Intrusion Detection System Alerts Using Self-Organizing Maps

Amir Azimi Alasti Ahrabi
amir.azimi.alasti@gmail.com
Department of Computer, Islamic Azad University, Shabestar Branch, Tabriz, East Azerbaijan, Iran

Ahmad Habibizad Navin
ah_habibi@iaut.ac.ir
Department of Computer, Islamic Azad University, Science and Research Branch, Tabriz, East Azerbaijan, Iran

Hadi Bahrbegi
hadi.bahrbegi@gmail.com
Department of Computer, Islamic Azad University, Shabestar Branch, Tabriz, East Azerbaijan, Iran

Mir Kamal Mirnia
mirnia-kam@tabrizu.ac.ir
Department of Computer, Islamic Azad University, Science and Research Branch, Tabriz, East Azerbaijan, Iran

Mehdi Bahrbegi
m.bahribayli@gmail.com
Department of Computer, Islamic Azad University, Shabestar Branch, Tabriz, East Azerbaijan, Iran

Elnaz Safarzadeh
elnaz_safarzadeh@yahoo.com
Department of Computer, Islamic Azad University, Shabestar Branch, Tabriz, East Azerbaijan, Iran

Ali Ebrahimi
ali.ebrahimi1781@gmail.com
Department of Computer, Islamic Azad University, Shabestar Branch, Tabriz, East Azerbaijan, Iran

Abstract

Intrusion Detection Systems (IDS) help protect the systems used by organizations against the threats that emerge as network connectivity increases. The main drawbacks of IDS are the number of alerts they generate and their failures. A system based on the Self-Organizing Map (SOM) is proposed that can classify IDS alerts and reduce false positive alerts. Alert filtering and cluster merging algorithms are also introduced to improve the accuracy of the proposed system. Experimental results on DARPA KDD cup 98 show that the system is able to cluster and classify alerts and reduces false positive alerts considerably.