Article title

Application of the Complex Event Processing system for anomaly detection and network monitoring

Content
Identifiers
Title variants
Publication languages
EN
Abstracts
EN
Protection of infrastructures for e-science, including grid environments and NREN facilities, requires the use of novel techniques for anomaly detection and network monitoring. The aim is to raise situational awareness and provide early warning capabilities. The main operational problem that most network operators face is integrating and processing data from multiple sensors and systems placed at critical points of the infrastructure. From a scientific point of view, there is a need for the efficient analysis of large data volumes and automatic reasoning while minimizing detection errors. In this article, we describe two approaches to Complex Event Processing used for network monitoring and anomaly detection and introduce the ongoing SECOR project (Sensor Data Correlation Engine for Attack Detection and Support of Decision Process), supported by examples and test results. The aim is to develop a methodology that allows for the construction of next-generation IDS systems with artificial intelligence, capable of performing signature-less intrusion detection.
Publisher
Journal
Year
Pages
351–371
Physical description
Bibliography: 23 items, figures, charts, tables.
Authors
  • Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry, Noskowskiego 10, 61-704 Poznań, Poland
author
  • Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry, Noskowskiego 10, 61-704 Poznań, Poland
author
  • Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry, Noskowskiego 10, 61-704 Poznań, Poland
  • Institute of Computing Science, Poznań University of Technology, Piotrowo 2, 60-965 Poznań, Poland
author
  • Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry, Noskowskiego 10, 61-704 Poznań, Poland
  • Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry, Noskowskiego 10, 61-704 Poznań, Poland
Bibliography
  • [1] Balis B., Kowalewski B., Bubak M.: Leveraging Complex Event Processing for Grid Monitoring. In: Parallel Processing and Applied Mathematics, R. Wyrzykowski, J. Dongarra, K. Karczewski, J. Wasniewski, eds, Lecture Notes in Computer Science, vol. 6068, pp. 224–233. Springer, Berlin-Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-14403-5_24.
  • [2] Balis B., Kowalewski B., Bubak M.: Real-time Grid monitoring based on complex event processing. Future Generation Computer Systems, vol. 27(8), pp. 1103–1112, 2011. http://www.sciencedirect.com/science/article/pii/S0167739X11000562.
  • [3] Bereziński P., Pawelec J., Małowidzki M., Piotrowski R.: Entropy-Based Internet Traffic Anomaly Detection: A Case Study. In: Proceedings of the Ninth International Conference on Dependability and Complex Systems DepCoS-RELCOMEX. June 30 – July 4, 2014, Brunów, Poland, Advances in Intelligent Systems and Computing, W. Zamojski, J. Mazurkiewicz, J. Sugier, T. Walkowiak, J. Kacprzyk, eds, vol. 286, pp. 47–58. Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-07013-1_5. 21 December 2015, p. 19/21. Application of the Complex Event Processing system for anomaly detection (...) 369
  • [4] Bilge L., Dumitras T.: Before We Knew It: An Empirical Study of Zero-Day Attacks In The Real World. Proceedings of the 2012 ACM conference on Computer and communications security, pp. 833–844, 2012. http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf.
  • [5] EGEE – Enabling Grids for E-sciencE, 2010. http://eu-egee.org.
  • [6] Frankowski G., Jerzak M.: Advanced Architecture of the Integrated IT Platform with High Security Level. In: Multimedia Communications, Services and Security, Communications in Computer and Information Science, A. Dziech, A. Czyżewski, eds, vol. 287, pp. 107–117. Springer, Berlin-Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-30721-8_11.
  • [7] GÉANT: the pan-European research and education network, 2014. http://www.geant.net.
  • [8] Holzschuher F., Peinl R.: Performance of Graph Query Languages: Comparison of Cypher, Gremlin and Native Access in Neo4J. In: Proceedings of the Joint EDBT/ICDT 2013 Workshops, EDBT ’13, pp. 195–204. ACM, New York, NY, USA, 2013. http://doi.acm.org/10.1145/2457317.2457351.
  • [9] Jerzak M., Wojtysiak M.: Distributed Intrusion Detection Systems – MetalDS case study. Computational Methods in Science and Technology, Special Issue (1), pp. 135–145, 2010.
  • [10] Kliarsky A., Atlasis A.A.: Responding to Zero Day Threats, 2011. http://www.sans.org/reading-room/whitepapers/incident/responding-zero-day-threats-33709.
  • [11] Li B., Springer J., Bebis G., Gunes M.H.: A survey of network flow applications. Journal of Network and Computer Applications, vol. 36(2), pp. 567–581, 2013. http://www.sciencedirect.com/science/article/pii/S1084804512002676.
  • [12] Lodi G., Aniello L., Luna G.A.D., Baldoni R.: An event-based platform for collaborative threats detection and monitoring. Inf. Syst., vol. 39, pp. 175–195, 2014. http://dblp.uni-trier.de/db/journals/is/is39.html#LodiALB14.
  • [13] Neo4j: Neo4j – The World’s Leading Graph Database, 2012. http://neo4j.org/.
  • [14] Security Experts Expect ‘Shellshock’ Software Bug in Bash to Be Significant, 2014. http://www.nytimes.com/2014/09/26/technology/security-experts-expect-shellshock-software-bug-to-be-significant.html.
  • [15] PIONIER, 2014. http://www.pionier.net.pl.
  • [16] Polish Platform for Homeland Security, 2014. http://www.ppbw.pl/en.
  • [17] Poznań Supercomputing and Networking Center, 2014. http://www.psnc.pl.
  • [18] Robinson I., Webber J., Eifrem E.: Graph Databases. O’Reilly Media, Inc., 2013.
  • [19] Storm, Distributed and fault-tolerant realtime computation, 2014. http://storm.apache.org.
  • [20] Symantec Corporation: Internet Security Threat Report 2014, 2014. http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf. 21 December 2015, p. 20/21. 370 Gerard Frankowski, Marcin Jerzak, Maciej Miłostan, et al.
  • [21] The Apache Software Foundation: mod_log_config: CustomLog Directive, 2014. https://httpd.apache.org/docs/2.4/mod/mod_log_config.html#customlog.
  • [22] WSO2 Carbon System, 2005. http://wso2.com/products/carbon/.
  • [23] WSO2 Siddhi CEP engine, 2005. http://siddhi.sourceforge.net/.
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-d9d65d00-0e8c-496a-a3b8-46c325ea7a55