APPLICATION OF THE COMPLEX EVENT PROCESSING SYSTEM FOR ANOMALY DETECTION AND NETWORK MONITORING
2015; Wydawnictwa AGH; Volume: 16; Issue: 4; Language: English
10.7494/csci.2015.16.4.351
ISSN: 2300-7036
Authors: Gerard Frankowski, Marcin Jerzak, Maciej Smolarczyk, Tomasz Nowak, Marek Pawłowski
Topic(s): Anomaly Detection Techniques and Applications
Abstract: Protection of infrastructures for e-science, including grid environments and NREN facilities, requires the use of novel techniques for anomaly detection and network monitoring. The aim is to raise situational awareness and provide early warning capabilities. The main operational problem that most network operators face is integrating and processing data from multiple sensors and systems placed at critical points of the infrastructure. From a scientific point of view, there is a need for the efficient analysis of large data volumes and automatic reasoning while minimizing detection errors. In this article, we describe two approaches to Complex Event Processing used for network monitoring and anomaly detection and introduce the ongoing SECOR project (Sensor Data Correlation Engine for Attack Detection and Support of Decision Process), supported by examples and test results. The aim is to develop a methodology that allows for the construction of next-generation intrusion detection systems (IDS) with artificial intelligence, capable of performing signature-less intrusion detection.
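To make concrete what "integrating and processing data from multiple sensors" means in a Complex Event Processing engine, here is an added illustration of a sliding-window correlation rule over events from two sensors. It is not code from the paper or from the SECOR project; the sensor names ("firewall", "ids"), the rule (N firewall denies followed by an IDS port-scan report from the same source inside one time window), the thresholds and the event feed are all constructed assumptions.

```python
"""
Minimal complex event processing (CEP) correlation over events from several
sensors. Added illustration of the general technique; not SECOR code.
Sensor names, rule, thresholds and the sample feed are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional


@dataclass(frozen=True)
class Event:
    ts: float      # seconds since epoch, as reported by the sensor
    sensor: str    # which sensor produced the event (constructed names)
    kind: str      # event type in that sensor's vocabulary
    src: str       # source IP the event is about


@dataclass(frozen=True)
class Alert:
    ts: float
    src: str
    reason: str


class CorrelationEngine:
    """Sliding-window rule: for one source IP, if the firewall reported at
    least `deny_threshold` denied connections and the IDS then reports a
    port scan, all inside `window` seconds, raise one composite alert.
    Neither sensor on its own is treated as sufficient evidence."""

    def __init__(self, window: float = 60.0, deny_threshold: int = 5):
        self.window = window
        self.deny_threshold = deny_threshold
        # per-source queue of recent firewall deny timestamps
        self._denies: Dict[str, Deque[float]] = defaultdict(deque)
        # per-source timestamp of the last alert, to suppress repeats
        self._alerted: Dict[str, float] = {}

    def _expire(self, q: Deque[float], now: float) -> None:
        """Drop deny timestamps that have fallen out of the window."""
        while q and now - q[0] > self.window:
            q.popleft()

    def process(self, ev: Event) -> Optional[Alert]:
        """Feed one event (timestamp order); return an Alert if the rule fires."""
        q = self._denies[ev.src]
        self._expire(q, ev.ts)
        if ev.sensor == "firewall" and ev.kind == "deny":
            q.append(ev.ts)
            return None
        if ev.sensor == "ids" and ev.kind == "portscan" and len(q) >= self.deny_threshold:
            last = self._alerted.get(ev.src)
            if last is None or ev.ts - last > self.window:
                self._alerted[ev.src] = ev.ts
                return Alert(ev.ts, ev.src,
                             f"{len(q)} firewall denies + IDS portscan within {self.window:.0f}s")
        return None


def run(events: List[Event], **engine_kwargs) -> List[Alert]:
    """Replay a batch of events through a fresh engine and collect alerts."""
    engine = CorrelationEngine(**engine_kwargs)
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        alert = engine.process(ev)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample feed (not real sensor data).
SAMPLE_EVENTS = [
    Event(500.0, "firewall", "deny", "10.0.0.9"),
    Event(501.0, "firewall", "deny", "10.0.0.9"),
    Event(502.0, "firewall", "deny", "10.0.0.9"),
    Event(503.0, "firewall", "deny", "10.0.0.9"),
    Event(504.0, "firewall", "deny", "10.0.0.9"),
    Event(700.0, "ids", "portscan", "10.0.0.9"),    # denies are too old at a 60 s window
    Event(1000.0, "firewall", "deny", "10.0.0.7"),
    Event(1002.0, "firewall", "deny", "10.0.0.7"),
    Event(1004.0, "firewall", "deny", "10.0.0.7"),
    Event(1006.0, "firewall", "deny", "10.0.0.7"),
    Event(1008.0, "firewall", "deny", "10.0.0.7"),
    Event(1020.0, "ids", "portscan", "10.0.0.3"),   # IDS alone, no firewall corroboration
    Event(1030.0, "ids", "portscan", "10.0.0.7"),   # rule fires here
    Event(1040.0, "ids", "portscan", "10.0.0.7"),   # suppressed: already alerted
    Event(1110.0, "ids", "portscan", "10.0.0.7"),   # denies have left the window
]

if __name__ == "__main__":
    for a in run(SAMPLE_EVENTS):
        print(f"{a.ts:.0f} {a.src}: {a.reason}")
```

Running the block with the default 60 s window yields exactly one alert, for 10.0.0.7 at t=1030; widening the window to 300 s also catches 10.0.0.9, whose denies and scan are 200 s apart. The point of the exercise is that the window and threshold are the knobs a CEP rule exposes for trading missed detections against false alarms, and that evidence from a single sensor is deliberately not enough to fire.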