As intrusion detection systems receive increasing attention, many management problems have also appeared. For instance, to raise the detection rate, administrators usually have to increase the sensitivity of the detection components, but this in turn produces an excessive number of alarms. False alarms usually account for a large share of this volume, and administrators must inspect the alarms carefully to extract useful information, which is a heavy burden; moreover, attackers may exploit large numbers of false alarms to interfere with judgment and thereby deceive the intrusion detection system. Therefore, how to improve the accuracy of intrusion alarms is the next problem to face after raising the detection rate. The attack signatures defined by misuse detection are usually limited to a single kind of information, such as network information or host information, and alarms produced from a single kind of information cannot be judged precisely for some attacks, so the proportion of false alarms rises correspondingly. In this thesis, we build an alarm filtering mechanism for misuse-detection network-based intrusion detection systems. Through analysis, we identify the environmental conditions an attack needs in order to succeed, or the attack characteristics from various different sources that it would exhibit, so that when the intrusion detection system finds a suspected intrusion it can immediately confirm and verify it against them. With this heterogeneous information, false alarms can be clearly reduced without deleting important alarms.
As the role of intrusion detection systems becomes more and more important to network security, many managerial problems emerge. One of the most concerning is the alarm flooding problem. In order to achieve a high detection rate, system administrators often set the sensitivity level of the IDS high, which inevitably results in a huge number of alarms, with false alarms occupying a sizable proportion. On one hand, administrators need to inspect them carefully to discover useful information, which is a heavy burden. On the other hand, attackers may make use of the large number of false alarms to obstruct the detection process and deceive intrusion detection systems. Therefore, after achieving a high detection rate, how to improve the detection efficiency of intrusion detection systems and effectively reduce the number of false alarms becomes a vital problem to face. In intrusion detection systems adopting misuse detection methods, attack signatures are mostly characterized with information from a single data source: for example, packet information from the network or resource utilization information from the host. Without utilizing other available information, the accuracy of the judgment made in generating an alarm may not be satisfactory. In this thesis, we propose an alarm filtering scheme to improve the efficiency of misuse-type network intrusion detection systems. Through careful analysis, a preliminarily recognized attack threat can be verified against heterogeneous data sources to determine whether the attack can really succeed before it is reported. The proposed scheme has been implemented. Experimental results show that, with the heterogeneous information, the occurrences of false alarms are obviously reduced and none of the real alarms are among those not reported.
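The filtering idea described in both abstracts, verifying a signature-based alarm against host context before reporting it, can be illustrated with a small example. The code below is an added illustration, not the thesis's implementation: the signature ids, their precondition table, the host inventory and the sample alerts are all constructed. Each signature is annotated with the conditions an attack needs in order to succeed (target OS family and a matching service on the target port); an alarm whose target does not meet them is moved to a suppressed list rather than discarded, and alarms that cannot be verified (unknown signature, host not in the inventory) are still reported so that no real alarm is lost.

```python
"""Alarm filtering against heterogeneous context (constructed illustration).

Network-side signatures are checked against host-side facts (OS family,
listening services) before an alarm is reported.  Signature ids, hosts and
alerts below are sample data invented for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    ip: str
    os_family: str   # e.g. "windows", "linux"
    services: dict   # listening port -> service name


@dataclass(frozen=True)
class Alert:
    sid: int         # signature id raised by the network IDS
    dst_ip: str
    dst_port: int
    msg: str


# Assumed preconditions per signature id: the attack can only succeed if the
# target runs this OS family (None = any) and offers this service on the port.
PRECONDITIONS = {
    1001: {"os_family": "windows", "service": "smb"},
    1002: {"os_family": "linux", "service": "ssh"},
    1003: {"os_family": None, "service": "http"},
}


def attack_can_succeed(alert, host):
    """True when host context satisfies the signature's preconditions.

    Unknown signatures and unknown hosts cannot be verified, so they are
    treated as reportable: the filter only suppresses what it can disprove.
    """
    pre = PRECONDITIONS.get(alert.sid)
    if pre is None or host is None:
        return True
    if pre["os_family"] is not None and host.os_family != pre["os_family"]:
        return False
    return host.services.get(alert.dst_port) == pre["service"]


def filter_alerts(alerts, inventory):
    """Split raw alerts into (reported, suppressed) using the host inventory."""
    reported, suppressed = [], []
    for alert in alerts:
        host = inventory.get(alert.dst_ip)
        (reported if attack_can_succeed(alert, host) else suppressed).append(alert)
    return reported, suppressed


# Constructed host inventory (the "heterogeneous" host-side data source).
INVENTORY = {
    "10.0.0.5": Host("10.0.0.5", "windows", {445: "smb"}),
    "10.0.0.7": Host("10.0.0.7", "linux", {22: "ssh", 80: "http"}),
}

# Constructed alerts as a misuse-detection NIDS might raise them.
SAMPLE_ALERTS = [
    Alert(1001, "10.0.0.5", 445, "SMB exploit attempt"),   # windows + smb: report
    Alert(1001, "10.0.0.7", 445, "SMB exploit attempt"),   # linux, no smb: suppress
    Alert(1002, "10.0.0.7", 22, "SSH exploit attempt"),    # linux + ssh: report
    Alert(1003, "10.0.0.7", 80, "web exploit attempt"),    # http present: report
    Alert(1003, "10.0.0.5", 80, "web exploit attempt"),    # no http: suppress
    Alert(1001, "10.0.0.9", 445, "SMB exploit attempt"),   # host unknown: report
    Alert(9999, "10.0.0.5", 1, "unknown signature"),       # sid unknown: report
]


def run_demo():
    """Apply the filter to the constructed sample and return both lists."""
    return filter_alerts(SAMPLE_ALERTS, INVENTORY)


if __name__ == "__main__":
    reported, suppressed = run_demo()
    print(f"reported {len(reported)}, suppressed {len(suppressed)}")
    for a in suppressed:
        print("  suppressed:", a.sid, a.dst_ip, a.dst_port, a.msg)
```

In practice the inventory would be fed by host agents or scan results and kept fresh, since a stale entry turns the filter into a source of missed alarms; keeping suppressed alarms in a low-priority store rather than deleting them preserves the evidence if the inventory later proves wrong.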