Title :
Sys-log classifier for Complex Event Processing system in network security
Author :
Jayan, Keerthi ; Rajan, Archana K.
Author_Institution :
Comput. Sci. & Eng., Amrita Vishwa Vidyapeetham, Kollam, India
Abstract :
The Internet is growing very rapidly, and so are its security issues. A wide variety of attacks are possible on networked machines; DOS attacks, buffer overflow attacks, cross site attacks, and DNS exploit attacks are a few to name. Without security measures and controls in place, the network and its data might be subjected to attacks. The commonly deployed security devices are firewalls, IDS, IPS, anti-virus, etc. A number of potential threats still persist, formulated as attacks by combining many unnoticed primitive events. The best solution is to install a Complex Event Processing (CEP) system, which can analyze multiple devices to infer attack patterns. Log information from network devices is the best choice for analysis. In a large network, there will be millions of events logged. Correlated analysis of this huge volume of logs is the main challenge in a CEP system. We describe a method to reduce the input to the CEP system using a Support Vector Machine (SVM) classifier. Our experiment shows that the input size can be considerably reduced using the classifier, which improves the working of the CEP system.
Keywords :
Internet; pattern classification; security of data; support vector machines; CEP system; DNS exploit attack; DOS attack; Internet; SVM classifier; attack patterns; buffer overflow attack; complex event processing system; cross site attack; denial-of-service attack; domain name system attack; log information; network security; support vector machine; sys-log classifier; Engines; Kernel; Protocols; Complex Event Processing; Log data; Network security; SVM; Security attacks; Security devices;
Conference_Title :
Advances in Computing, Communications and Informatics (ICACCI), 2014 International Conference on
Conference_Location :
New Delhi
Print_ISBN :
978-1-4799-3078-4
DOI :
10.1109/ICACCI.2014.6968471