As the Internet technologies are innovated faster, the side-effects, such as hacking, virus, and worm, occur more and more. To control these side-effects, many companies, governments deploy and operate IDS on their networks. However, current IDS system has some problems to solve as follows, and these problems make the IDS more vulnerable to fine-grained, distributed, and large-scaled attacks. Therefore we propose a flexible and effective system using heterogeneous correlation and aggregation methods to control these problems. The system can generate a proper event or a new event for related attack. It helps that the administrator analyzes the excessive events effectively and responses against the attack properly.