DocumentCode
3657129
Title
Distributed Real-Time Event Analysis
Author
Julian James Stephen;Daniel Gmach;Rob Block;Adit Madan;Alvin AuYoung
Author_Institution
Purdue Univ., West Lafayette, IN, USA
fYear
2015
fDate
7/1/2015 12:00:00 AM
Firstpage
11
Lastpage
20
Abstract
Security Information and Event Management (SIEM) systems perform complex event processing over a large number of event streams at high rate. As event streams increase in volume and event processing becomes more complex, traditional approaches such as scaling up to more powerful systems quickly become ineffective. This paper describes the design and implementation of DRES, a distributed, rule-based event evaluation system that can easily scale to process a large volume of non-trivial events. DRES intelligently forwards events across a cluster of nodes to evaluate complex correlation and aggregation rules. This approach enables DRES to work with any rules engine implementation. Our evaluation shows DRES scales linearly to more than 16 nodes. At this size it successfully processed more than half a million events per second.
Keywords
"Engines","Correlation","Throughput","Real-time systems","Data structures","Servers","Connectors"
Publisher
ieee
Conference_Titel
Autonomic Computing (ICAC), 2015 IEEE International Conference on
Type
conf
DOI
10.1109/ICAC.2015.12
Filename
7266930