Alert Verification is the first free implementation (known to me) of this sort of technique. It’s a patch against Snort 2.0.2, so I hope to try it. The alert is then released back to the Snort engine. I wonder how fast this works? This is interesting because it’s a free implementation of this kind of technique. It’s not known how fast it works, but I wonder if it can be fixed in real-time. The project is based on the work of William Robertson and Chris Kruegel.”]
Source: https://taosecurity.blogspot.com/2003/10/reliable-software-group-posts-new.html