Conference: International Conference on Advances in Computing and Communications

Preprocessor for Complex Event Processing System in Network Security

Abstract

Network security refers to any activity designed to protect the network. These activities are intended to protect the usability, reliability, and safety of the network and its data. Effective network security targets a variety of threats and stops them from entering or spreading on the network. In network security, a Complex Event Processing (CEP) system can be used to correlate events across different security devices and applications for complicated attack detection and response. The events are recorded in syslog files. Each security device generates millions of events, so the CEP engine has to process a massive amount of logs. We describe a method for pre-processing this vast input to extract the relevant data that the CEP engine is concerned with. The CEP engine used in this system is ESPER. The syslog is preprocessed based on a risk taxonomy, which is built as a hierarchical structure with respect to the attacks the CEP is looking for.