Life without networks would be considerably less convenient, and many activities would be impossible. Complex Event Processing (CEP) is event processing that combines data from different sources to infer events (or patterns) that suggest more complicated circumstances. The goal of complex event processing in network security is to identify meaningful events (such as opportunities or threats) and respond to them as quickly as possible. The main challenge in complex event processing is the huge volume of complex events. A CEP system can correlate events from different devices. System log files contain events logged by operating system components, network components (routers and switches) and security devices (firewalls, IDS/IPS, antivirus, etc.). They record device changes, device driver activity, system changes and other activities happening on the network or within the OS. Event processing is a method of tracking and analyzing (processing) streams of data about things that happen (events) and deriving a conclusion from them. In the proposed system, log data is taken as input. A risk taxonomy is used to normalize or tag the input data. After parsing and normalization, the amount of input passed to Complex Event Processing is reduced, and the CEP stage identifies levels of risk for a set of events.
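The pipeline the abstract describes (parse and tag log lines against a risk taxonomy, reduce the input, then correlate the reduced events across devices and assign a risk level), as an added Python example that is not the paper's code. The log lines, taxonomy patterns, tags, weights and risk thresholds are constructed assumptions, not values from the paper.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample log lines from a firewall, an IDS and a host OS (not data from the paper).
RAW_LOGS = [
    "2014-03-01T10:00:01 fw01 DENY src=10.0.0.5 dst=192.168.1.20 dport=22",
    "2014-03-01T10:00:02 fw01 DENY src=10.0.0.5 dst=192.168.1.20 dport=22",
    "2014-03-01T10:00:03 fw01 DENY src=10.0.0.5 dst=192.168.1.20 dport=22",
    "2014-03-01T10:00:05 ids01 ALERT sig=ssh-bruteforce src=10.0.0.5 dst=192.168.1.20",
    "2014-03-01T10:00:09 host20 sshd: Accepted password for root from 10.0.0.5",
    "2014-03-01T10:01:00 host20 kernel: eth0 link up",
]
# Assumed risk taxonomy (not the paper's): message pattern -> normalized tag and base weight.
TAXONOMY = [
    (re.compile(r"\bDENY\b.*dport=\d+"), "fw.deny", 1),
    (re.compile(r"ALERT sig=\S+"), "ids.alert", 3),
    (re.compile(r"Accepted password for \w+ from"), "auth.login", 2),
]

def normalize(line):
    """Tag one raw line via the taxonomy; lines with no tag are dropped (first reduction step)."""
    ts, device, msg = line.split(" ", 2)
    src = re.search(r"(?:src=|from )(\d+\.\d+\.\d+\.\d+)", msg)
    for pattern, tag, weight in TAXONOMY:
        if pattern.search(msg):
            return {"ts": datetime.fromisoformat(ts), "device": device, "tag": tag,
                    "weight": weight, "src": src.group(1) if src else None}
    return None

def reduce_events(events):
    """Collapse repeats of the same (device, tag, src) into one event with a count (second reduction)."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["device"], ev["tag"], ev["src"])].append(ev)
    return [{**evs[0], "count": len(evs)} for evs in groups.values()]

def assess_risk(events, window_seconds=60):
    """CEP step: correlate the reduced events per source across devices inside a time window."""
    risk, by_src = {}, defaultdict(list)
    for ev in events:
        if ev["src"]:
            by_src[ev["src"]].append(ev)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        if (evs[-1]["ts"] - evs[0]["ts"]).total_seconds() > window_seconds: continue
        score = sum(e["weight"] for e in evs)
        # Independent device types agreeing on one source raise the level beyond the raw score.
        level = "high" if score >= 6 and len({e["device"] for e in evs}) >= 3 else "medium" if score >= 3 else "low"
        risk[src] = {"score": score, "level": level, "tags": sorted({e["tag"] for e in evs})}
    return risk
```

On the six constructed lines, tagging keeps five events, reduction collapses them to three, and the CEP step rates the single correlated source as high risk because three device types agree on it within the window.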
A. K. Rajan and K. Jayan, "An Approach to Reduce Input for CEP in Network Security", in International Conference on Communication and Computing (ICC-2014), Bangalore, 2014.