Anomaly detection is very important for modern network services. Yet effective anomaly detection remains a big challenge because of the high rate of service data and the complex correlations among them. With its powerful query language and performance potential, complex event processing (CEP) is well suited to this situation. In this paper, we present NEPnet, a high-performance and scalable monitoring system that processes events for anomaly detection of network services in real time. NEPnet is based on CEP and provides a SQL-like language supporting various event correlations. Taking user-defined queries as input, NEPnet builds a tree-based monitoring net for detailed anomaly detection. Considering the anomaly features of network services, the monitoring net uses a limit trigger, a predicate index and a route table for the different types of processing nodes in it. Our preliminary experimental results show that NEPnet can effectively detect anomalies of network services, at a speed of 100,000 events per second, and is 3 to 6 times faster than Esper, a general CEP engine.