SCAS - Stream Clustering Algorithm for Suricata

SCAS (Stream Clustering Algorithm for Suricata) is a stream clustering algorithm designed for classifying Suricata IDS alerts in EVE format in real time, and for mining frequent alert patterns that represent common attack scenarios of low importance.

For detailed information on SCAS, please see its GitHub repository.

SCAS is distributed under the terms of the GNU GPL and can be downloaded from GitHub, with the most recent version being 0.04 (released on October 20, 2022).

Finally, a paper published at CSR 2021 provides a detailed description of SCAS internals and discusses its performance.