ISSN:2249-5789
P V Radhakrishna Murty et al, International Journal of Computer Science & Communication Networks, Vol 2(3), 444-452

Online Imposition Aware Aggregation with Generative Data Flow Model

MURTY#1, Student (10F92D5815) #1, Assoc. Professor in CSE Department#2
Prakasam Engineering College, Kandukur, Prakasam Dist., #1, #2 Andhra Pradesh, India.

Abstract—Aware aggregation is an important subtask of Imposition detection. The goal is to identify and to cluster different Awares, produced by low-level Imposition detection systems, firewalls, etc., belonging to a specific attack instance which has been initiated by an attacker at a certain point in time. Thus, meta-Awares can be generated for the clusters that contain all the relevant information, whereas the amount of data (i.e., Awares) can be reduced substantially. Meta-Awares may then be the basis for reporting to security experts or for communication within a distributed Imposition detection system. We propose a novel technique for online Aware aggregation which is based on a dynamic, probabilistic model of the current attack situation. Basically, it can be regarded as a data Flow version of a maximum likelihood approach for the estimation of the model parameters. In addition, meta-Awares are generated with a delay of typically only a few seconds after observing the first Aware belonging to a new attack instance.

Index Terms—Imposition detection, Aware aggregation, generative model, data Flow algorithm.
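The following added example is not the authors' algorithm or code; it illustrates the idea in the abstract with a simplified model chosen here. Each attack instance is a component with a Gaussian over the Aware timestamp and smoothed categorical distributions over source, destination and signature; parameters are updated incrementally per Aware, and a new component is opened when no existing one explains the Aware well enough. The attribute names, threshold, variance floor, smoothing constants and the sample stream are assumptions.

```python
import math
from collections import Counter

CAT = ("src", "dst", "sig")   # categorical attributes of one Aware (assumed names)
MIN_VAR = 25.0                # assumed variance floor on timestamps (seconds^2)
SMOOTH, VOCAB = 0.5, 4        # assumed Laplace smoothing and values per attribute

class Component:
    """One attack instance: Gaussian over time, categorical over CAT."""
    def __init__(self, a):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
        self.first = a["t"]
        self.counts = {k: Counter() for k in CAT}
        self.update(a)
    def update(self, a):  # incremental ML estimates (Welford mean/variance, counts)
        self.n += 1
        d = a["t"] - self.mean
        self.mean += d / self.n
        self.m2 += d * (a["t"] - self.mean)
        self.last = a["t"]
        for k in CAT:
            self.counts[k][a[k]] += 1
    def loglik(self, a):
        var = max(self.m2 / self.n, MIN_VAR)
        ll = -0.5 * (math.log(2 * math.pi * var) + (a["t"] - self.mean) ** 2 / var)
        for k in CAT:
            ll += math.log((self.counts[k][a[k]] + SMOOTH) / (self.n + SMOOTH * VOCAB))
        return ll
    def meta(self):  # meta-Aware: one summary record per cluster
        top = {k: self.counts[k].most_common(1)[0][0] for k in CAT}
        return {"count": self.n, "start": self.first, "end": self.last, **top}

def aggregate(stream, threshold=-7.0):
    """Assign each Aware to its most likely component, or open a new one."""
    comps, assignment = [], []
    for a in stream:
        best = max(comps, key=lambda c: c.loglik(a), default=None)
        if best is None or best.loglik(a) < threshold:
            best = Component(a)
            comps.append(best)
        else:
            best.update(a)
        assignment.append(comps.index(best))
    return comps, assignment

# Constructed sample stream: two interleaved attack instances, then a late one.
A = ("192.0.2.5", "198.51.100.10", "ssh-bruteforce")
B = ("192.0.2.9", "198.51.100.20", "port-scan")
STREAM = [dict(zip(("t",) + CAT, (t, *v))) for t, v in
          [(0, A), (1, A), (2, A), (2.5, B), (3, A), (4, B), (5, B), (600, A)]]
```

Calling `aggregate(STREAM)` reduces the eight Awares to three components, and the second component is opened on the first Aware of the interleaved instance, so its meta-Aware is available immediately.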
1 INTRODUCTION

Imposition detection systems (IDS) are, besides other protective measures such as virtual private networks, authentication mechanisms, or encryption techniques, very important to guarantee information security. They help to defend against the various threats to which networks and hosts are exposed by detecting the actions of attackers or attack tools in a network or host-based manner with misuse or anomaly detection techniques [1]. At present, most IDS are .