DocumentCode :
248411
Title :
Preprocessor for Complex Event Processing System in Network Security
Author :
Jayan, Keerthi ; Rajan, Archana K.
Author_Institution :
Comput. Sci. & Eng., Amrita Vishwa Vidyapeetham, Kollam, India
fYear :
2014
fDate :
27-29 Aug. 2014
Firstpage :
187
Lastpage :
189
Abstract :
Network security refers to any activity designed to protect the network. These activities are intended to protect the usability, reliability, and safety of the network and its data. Effective network security targets a variety of threats and stops them from entering or spreading on the network. In network security, a Complex Event Processing (CEP) system can be used to correlate events across different security devices and applications for complicated attack detection and response. The events are recorded in sys log files. Each security device generates millions of events, so the CEP engine has to process a massive amount of logs. We describe a method for pre-processing this vast input to extract the relevant data that the CEP engine should be concerned with. The CEP engine used in this system is ESPER. The sys log is preprocessed based on a risk taxonomy, which is built as a hierarchical structure with respect to the attacks the CEP is looking for.
Keywords :
computer network security; CEP engine; CEP system; ESPER; complex event processing system; complicated attack detection; hierarchical structure; network security; preprocessing; preprocessor; reliability; risk taxonomy; security device; sys log files; usability; Communication networks; Computer architecture; Engines; Firewalls (computing); Protocols; Taxonomy; CEP; Esper; Network Security; Risk taxonomy; Sys log;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advances in Computing and Communications (ICACC), 2014 Fourth International Conference on
Conference_Location :
Cochin
Print_ISBN :
978-1-4799-4364-7
Type :
conf
DOI :
10.1109/ICACC.2014.52
Filename :
6906021