Optimizing SIEM Throughput on the Cloud Using Parallelization

Guardado en:

Detalles Bibliográficos
Publicado en:	PLoS One vol. 11, no. 11 (Nov 2016), p. e0162746
Autor principal:	Alam, Masoom
Otros Autores:	Asif Ihsan, Khan, Muazzam A, Javaid, Qaisar, Khan, Abid, Manzoor, Jawad, Akhundzada, Adnan, Khan, M Khurram, Farooq, Sajid
Publicado:	Public Library of Science
Materias:	King Saud University Pakistan Islamabad Pakistan Rawalpindi Pakistan International conferences Data processing Parallel processing Computer science Cloud computing Real time Sensors Computer applications Information technology Query processing Economic Central processing units > CPUs Big Data Social networks Websites Security services
Acceso en línea:	Citation/Abstract Full Text Full Text - PDF
Etiquetas:	Agregar Etiqueta Sin Etiquetas, Sea el primero en etiquetar este registro!

MARC


LEADER	00000nab a2200000uu 4500
001	1841158378
003	UK-CbPIL
022			\|a 1932-6203
024	7		\|a 10.1371/journal.pone.0162746 \|2 doi
035			\|a 1841158378
045	2		\|b d20161101 \|b d20161130
084			\|a 174835 \|2 nlm
100	1		\|a Alam, Masoom
245	1		\|a Optimizing SIEM Throughput on the Cloud Using Parallelization
260			\|b Public Library of Science \|c Nov 2016
513			\|a Journal Article
520	3		\|a Processing large amounts of data in real time for identifying security issues pose several performance challenges, especially when hardware infrastructure is limited. Managed Security Service Providers (MSSP), mostly hosting their applications on the Cloud, receive events at a very high rate that varies from a few hundred to a couple of thousand events per second (EPS). It is critical to process this data efficiently, so that attacks could be identified quickly and necessary response could be initiated. This paper evaluates the performance of a security framework OSTROM built on the Esper complex event processing (CEP) engine under a parallel and non-parallel computational framework. We explain three architectures under which Esper can be used to process events. We investigated the effect on throughput, memory and CPU usage in each configuration setting. The results indicate that the performance of the engine is limited by the number of events coming in rather than the queries being processed. The architecture where 1/4th of the total events are submitted to each instance and all the queries are processed by all the units shows best results in terms of throughput, memory and CPU usage.
610		4	\|a King Saud University
651		4	\|a Pakistan
651		4	\|a Islamabad Pakistan
651		4	\|a Rawalpindi Pakistan
653			\|a International conferences
653			\|a Data processing
653			\|a Parallel processing
653			\|a Computer science
653			\|a Cloud computing
653			\|a Real time
653			\|a Sensors
653			\|a Computer applications
653			\|a Information technology
653			\|a Query processing
653			\|a Economic
653			\|a Central processing units--CPUs
653			\|a Big Data
653			\|a Social networks
653			\|a Websites
653			\|a Security services
700	1		\|a Asif Ihsan
700	1		\|a Khan, Muazzam A
700	1		\|a Javaid, Qaisar
700	1		\|a Khan, Abid
700	1		\|a Manzoor, Jawad
700	1		\|a Akhundzada, Adnan
700	1		\|a Khan, M Khurram
700	1		\|a Farooq, Sajid
773	0		\|t PLoS One \|g vol. 11, no. 11 (Nov 2016), p. e0162746
786	0		\|d ProQuest \|t Health & Medical Collection
856	4	1	\|3 Citation/Abstract \|u https://www.proquest.com/docview/1841158378/abstract/embedded/L8HZQI7Z43R0LA5T?source=fedsrch
856	4	0	\|3 Full Text \|u https://www.proquest.com/docview/1841158378/fulltext/embedded/L8HZQI7Z43R0LA5T?source=fedsrch
856	4	0	\|3 Full Text - PDF \|u https://www.proquest.com/docview/1841158378/fulltextPDF/embedded/L8HZQI7Z43R0LA5T?source=fedsrch