Plan-based Complex Event Detection across Distributed Sources

Mert Akdere, Brown University, makdere@
Ugur Cetintemel, Brown University, ugur@
Nesime Tatbul, ETH Zurich, tatbul@

ABSTRACT

Complex Event Detection (CED) is emerging as a key capability for many monitoring applications such as intrusion detection, sensor-based activity and phenomena tracking, and network monitoring. Existing CED solutions commonly assume centralized availability and processing of all relevant events, and thus incur significant overhead in distributed settings. In this paper, we present and evaluate communication-efficient techniques that can efficiently perform CED across distributed event sources. Our techniques are plan-based: we generate multi-step event acquisition and processing plans that leverage temporal relationships among events and event occurrence statistics to minimize event transmission costs, while meeting application-specific latency expectations. We present an optimal but exponential-time dynamic programming algorithm and two polynomial-time heuristic algorithms, as well as their extensions for detecting multiple complex events with common sub-expressions. We characterize the behavior and performance of our solutions via extensive experimentation on synthetic and real-world data sets using our prototype implementation.

1. INTRODUCTION

In this paper, we study the problem of complex event detection (CED) in a monitoring environment that consists of potentially a large number of distributed event sources (e.g., hardware sensors or software receptors). CED is becoming a fundamental capability in many domains including network and infrastructure security (e.g., denial of service attacks and intrusion detection [22]) and phenomenon and activity tracking (e.g., fire detection, storm detection, tracking suspicious behavior [23]). More often than not, such sophisticated (or "complex") events "happen" over a period of time and region. Thus, CED often requires consolidating over time many "simple" events generated by distributed sources. Existing CED approaches, such as those employed by stream processing systems.
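The abstract's idea of a multi-step acquisition plan chosen from occurrence statistics under a latency bound can be made concrete with a small sketch; this is an added example, not the paper's dynamic programming algorithm or the authors' code. It assumes a conjunction ("all events within one window") pattern, independent events, and constructed event names, probabilities and costs, and it finds the cheapest plan by brute-force enumeration.

```python
from itertools import permutations
from math import prod

# Constructed statistics (assumptions, not from the paper): per-window
# occurrence probability and transmission cost of each primitive event.
EVENTS = {
    "port_scan":    {"p": 0.30, "cost": 1.0},
    "failed_login": {"p": 0.60, "cost": 4.0},
    "priv_change":  {"p": 0.05, "cost": 2.0},
}

def expected_cost(plan, events=EVENTS):
    """Expected transmission cost of a plan (list of steps) for an AND pattern.

    A step is fetched only if every event of all earlier steps occurred;
    an event is transmitted (and paid for) only when it actually occurred.
    """
    total, reach = 0.0, 1.0
    for step in plan:
        total += reach * sum(events[e]["p"] * events[e]["cost"] for e in step)
        reach *= prod(events[e]["p"] for e in step)
    return total

def all_plans(names, max_steps):
    """Yield every split of the events into 1..max_steps ordered steps."""
    seen = set()
    for order in permutations(names):
        for cuts in range(2 ** (len(order) - 1)):
            plan, step = [], [order[0]]
            for i, name in enumerate(order[1:]):
                if cuts >> i & 1:          # bit i set: start a new step here
                    plan.append(tuple(sorted(step)))
                    step = []
                step.append(name)
            plan.append(tuple(sorted(step)))
            key = tuple(plan)
            if len(plan) <= max_steps and key not in seen:
                seen.add(key)
                yield plan

def best_plan(max_steps, events=EVENTS):
    """Cheapest plan whose number of round trips fits the latency bound."""
    return min(all_plans(list(events), max_steps),
               key=lambda plan: expected_cost(plan, events))
```

With these constructed numbers, fetching everything in one step has expected cost 2.8, while asking for the rare `priv_change` event first and fetching the rest only when it is present drops the cost to 0.235 with two steps and 0.151 with three.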
