“…Each alert is consists of set of attributes:sensor, alert type, classification, priority, date, time ( hours ,minutes, seconds and milliseconds), source IP address, destination IP address, source port number, destination port number, protocol, TTL, TOS, ID, Iplen, Dgmlen, type, code and packet type. The reduction of these attributes has become a necessary condition for many researchers [5]. Many Researches [6] in false positive alerts reduction process depending on some attributes without using feature selection or extraction methods.…”