Intrusion Detection System (IDS) nowadays are known for producing a huge amount of alerts that are either not related to true alerts or not represented successful attacks due to lack of information to verify and to correlate IDS events. Alert verification, in the process of event correlation, is a method that we use to determine whether an alert from IDS is a false positive and to identify the success of an attack through context information of protected environment in two aspects. That is victim host context information and network context information. This paper presents alert analysis archi...