Don't worry, you have not misconfigured anything, this is normal. The attackers and victims are assigned based on teh signature. If you feel the attack really is in the incomming direction (as opposed to it being a false positive), you can swap attacker and victim IP in the signature settings on a sig by sig basis.
Otherwise you can write an Event Action Filter that could prevent alerting on internal hosts being the attackers, but this needs to be done carefully so you don't ignore bad hosts in your network.