With the expansion of computer networks and threats due to attacks to network, network and data security is an essential requirement in the area of computer systems. For provide security, systems called Intrusion Detection Systems (IDSs) are needed. Intrusion detection systems are used to detect attacks in computer networks. Network administrators are often overwhelmed by large volumes of IDS alerts. This has motivated for automatic IDS alert analysis. The goal of automatic alert analysis is to respond IDSes challenges. Including: large volumes of alerts, large amount of false positive alerts, low-level situational awareness and alerts no correlated with others. when attackers succeed to pass through other security systems, to detect and prevent them from further progress. There are many challenges in IDSes. They should be able to work with large volume of data, attackers try to defeat security mechanisms, and new attacks are discovered every day. So, after some time, IDSes lose their efficiency and cannot detect unknown attacks. When Intrusion Deection Systems detect signs of security violations, they produce an alert or alerts. But they usually produce too many alerts in a day, most which are false positive. In this thesis, we have proposed methods to divide the alerts generated by IDSes into five main justify; TEXT-INDENT: 18pt; MARGIN: 0cm 0cm 0pt; unicode-bidi: embed; DIRECTION: ltr" dir=ltr Keywords: Intrusion Detection System, Alert Correlation, Support Vector Machine, Layered approach.