Complex Event Processing Over Intrusion Detection System: A Comprehensive Discussion

Abstract

The quick advancement and extension of the internet and the computer system has equipped the hackers and intruders with new ideas for their destructive purposes. The expenses of changeless harms caused by unauthorized access of the intruders have forced to progressively execute different system to filter the alerts in the network. These systems are consequently discussed to as Intrusion Detection Systems (IDS) by the experts and the researchers. IDS is utilized to recognize all interruptions in a network and if any suspicious event approaching a danger or threat which may bring harm to the computer systems, the IDS will produce alerts. Though IDS detect the attacks, it is suffered from generating false positive alerts. Therefore there is a need to analyse each alert precisely to differentiate from legitimate behaviour of the system which is time consuming. So, each alert is to be taken as an event and it is to be processed in real time. Since there is large number of alerts generated by the IDS, it is required that the alerts are to be handled by the Complex Event Processing. Complex Event Processing (CEP) is an advanced technology used to filter and process events in real time. The CEP filters the alerts/events from the IDS logs and responds to the events through pattern matching techniques. In this paper, the advantages of the methodologies used by the Complex Event Processing over the IDS includes Clustering, Classification and pattern matching of the alerts/events which promotes the efficient performance of the IDS system is discussed. This Comprehensive discussion also articulates the handling of false alerts by the Complex Event Processing, produced by the Intrusion Detection System.