Abstract
To address the limitations of existing network security alert screening methods in handling high-noise and incomplete data, this paper proposes a multi-level alert screening framework based on DBSCAN density clustering and RETE rule reasoning. The proposed method achieves adaptive analysis and precise screening of alert data by constructing a multi-stage processing pipeline that integrates density clustering, fuzzy reasoning, and dynamic neural networks. Key innovations include: employing the DBSCAN algorithm to perform unsupervised clustering and noise identification of alert data; introducing an improved RETE rule reasoning mechanism that supports weighted fuzzy matching to enhance fault tolerance for incomplete alert streams; and designing a backpropagation (BP) neural network with a dynamically adjustable structure to achieve accurate alert classification. Experimental results demonstrate that the proposed method shows significant performance advantages on multiple real-world and benchmark datasets, with a true positive rate of 96.6%, a noise rate controlled within 18.7%, and CPU utilization below 1%, substantially outperforming existing mainstream solutions and offering high practical application value.
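
The DBSCAN clustering and noise-identification stage named above, as an added example that is not code from the paper. The alert fields, the feature encoding, `eps` and `min_pts` are assumptions, since the abstract specifies none of them, and the sample alerts are constructed.

```python
import math

NOISE = -1

def dbscan(points, eps, min_pts):
    """Return one label per point: a cluster id (0, 1, ...) or NOISE."""
    labels = [None] * len(points)

    def neighbours(i):
        return [j for j, q in enumerate(points) if math.dist(points[i], q) <= eps]

    cluster = -1
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = neighbours(i)
        if len(seeds) < min_pts:
            labels[i] = NOISE            # may later be claimed as a border point
            continue
        cluster += 1
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == NOISE:
                labels[j] = cluster      # border point: reachable but not core
            if labels[j] is not None:
                continue
            labels[j] = cluster
            reach = neighbours(j)
            if len(reach) >= min_pts:    # j is a core point: keep expanding
                queue.extend(reach)
    return labels

# Constructed sample alerts: (seconds since window start, signature class, severity 1-5)
ALERTS = (
    [(t, 0, 3) for t in (0, 20, 40, 60, 80)]       # burst of one signature
    + [(t, 1, 2) for t in (600, 615, 630, 650)]    # second burst, other signature
    + [(300, 2, 1), (1500, 0, 5)]                  # isolated alerts
)

def featurize(alert):
    # Assumed encoding: minutes, severity, signature classes spread 10 units apart
    t, sig, sev = alert
    return (t / 60.0, float(sev), 10.0 * sig)

def screen(alerts, eps=1.0, min_pts=3):
    """Cluster alerts; entries labelled NOISE fall outside every dense group."""
    return dbscan([featurize(a) for a in alerts], eps, min_pts)

if __name__ == "__main__":
    for alert, label in zip(ALERTS, screen(ALERTS)):
        print(alert, "noise" if label == NOISE else f"cluster {label}")
```

The two bursts form clusters 0 and 1, while the two isolated alerts are labelled noise because fewer than `min_pts` points lie within `eps` of them.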