Intrusion detection systems are used by an enterprise to detect and identify unauthorized or unwanted use (commonly called an attack) of the enterprise's computer network, which normally comprises a large number of nodes and network operations centers. In general, these enterprise intrusion detection systems receive data using sensors or other intrusion detection devices. The system typically correlates the incoming data with stored data according to rules designed to recognize specific patterns in network traffic, audit trails, and other data sources, and thereby detect attacks on the enterprise's computer network. The system does not, however, determine the likely identity of attackers. In addition, the correlation of data typically requires numerous, time-consuming operations.