A Progressive Intrusion Detection System through Event Processing: Challenges and Motivation

Abstract

In this contemporary world, working on internet is a crucial task owing to the security threats in the network like intrusions, injections etc. To recognize and reduce these system attacks, analysts and academicians have introduced Intrusion Detection Systems (IDSs) with the various standards and applications. There are different types of Intrusion Detection Systems (IDS) arise to solve the attacks in various environments. Though IDS is more powerful, it produces the results on the abnormal behaviours said to be attacks with false positive and false negative rates which leads to inaccurate detection rate. The other problem is that, there are more number of attacks arising simultaneously with different behaviour being detected by the IDS with high false positive rates which spoils the strength and lifetime of the system, system’s efficiency and fault tolerance. Complex Event Processing (CEP) plays a vital role in handling the alerts as events in real time environment which mainly helps to recognize and reduce the redundant alerts.CEP identifies and analyses relationships between events in real time, allowing the system to proactively take efficient actions to respond to specific alerts.In this study, the tendency of Complex Event Processing (CEP) over Intrusion Detection System (IDS) which offers effective handling of the alerts received from IDS in real time and the promotion of the better detection of the attacks are discussed. The merits and challenges of CEP over IDS described in this paper helps to understand and educate the IDS systems to focus on how to tackle the dynamic attacks and its alerts in real time.