Optimizing SIEM Throughput on the Cloud Using Parallelization
- Source :
- PLoS ONE, Vol 11, Iss 11, p e0162746 (2016), PLoS ONE
- Publication Year :
- 2016
- Publisher :
- Public Library of Science (PLoS), 2016.
Abstract
- Processing large amounts of data in real time to identify security issues poses several performance challenges, especially when hardware infrastructure is limited. Managed Security Service Providers (MSSPs), which mostly host their applications on the Cloud, receive events at a very high rate that varies from a few hundred to a couple of thousand events per second (EPS). It is critical to process this data efficiently, so that attacks can be identified quickly and the necessary response can be initiated. This paper evaluates the performance of a security framework, OSTROM, built on the Esper complex event processing (CEP) engine, under a parallel and a non-parallel computational framework. We explain three architectures under which Esper can be used to process events. We investigated the effect on throughput, memory and CPU usage in each configuration setting. The results indicate that the performance of the engine is limited by the number of events coming in rather than by the queries being processed. The architecture where 1/4th of the total events are submitted to each instance and all the queries are processed by all the units shows the best results in terms of throughput, memory and CPU usage.
- Subjects :
- Optimization
Computer and Information Sciences
Computer science
Distributed computing
lcsh:Medicine
Complex event processing
CPU time
Cloud computing
02 engineering and technology
Research and Analysis Methods
Bioinformatics
Computer Architecture
Cognition
Learning and Memory
Memory
0202 electrical engineering, electronic engineering, information engineering
Data Mining
Engines
lcsh:Science
Throughput (business)
Data Processing
Multidisciplinary
business.industry
Mechanical Engineering
Applied Mathematics
Simulation and Modeling
lcsh:R
Process (computing)
Biology and Life Sciences
020206 networking & telecommunications
Cloud Computing
Managed security service
Computing Methods
Physical Sciences
Engineering and Technology
Cognitive Science
lcsh:Q
020201 artificial intelligence & image processing
Information Technology
business
Mathematics
Algorithms
Research Article
Neuroscience
Details
- ISSN :
- 19326203
- Volume :
- 11
- Database :
- OpenAIRE
- Journal :
- PLOS ONE
- Accession number :
- edsair.doi.dedup.....816e91908a64fcefd02269f603a719c6