Optimizing SIEM Throughput on the Cloud Using Parallelization

Abstract

Processing large amounts of data in real time for identifying security issues pose several performance challenges, especially when hardware infrastructure is limited. Managed Security Service Providers (MSSP), mostly hosting their applications on the Cloud, receive events at a very high rate that varies from a few hundred to a couple of thousand events per second (EPS). It is critical to process this data efficiently, so that attacks could be identified quickly and necessary response could be initiated. This paper evaluates the performance of a security framework OSTROM built on the Esper complex event processing (CEP) engine under a parallel and non-parallel computational framework. We explain three architectures under which Esper can be used to process events. We investigated the effect on throughput, memory and CPU usage in each configuration setting. The results indicate that the performance of the engine is limited by the number of events coming in rather than the queries being processed. The architecture where 1/4th of the total events are submitted to each instance and all the queries are processed by all the units shows best results in terms of throughput, memory and CPU usage.

Details

Subject

International conferences;
Data processing;
Parallel processing;
Computer science;
Cloud computing;
Real time;
Sensors;
Computer applications;
Information technology;
Query processing;
Central processing units--CPUs;
Big Data;
Social networks;
Websites;
Security services

Business indexing term

Subject:

Big Data;
Social networks;
Security services

Location

Pakistan; Islamabad Pakistan; Rawalpindi Pakistan

Company / organization

Name:

King Saud University

NAICS:

611310

Identifier / keyword

Engines; Parallel computing; Cloud computing; Security information and event management; Security Service; Complex event processing; Performance appraisal; Data mining; Data processing; Cloud computing; Algorithms; Computer architecture; Parsers; Computer hardware

Title

Optimizing SIEM Throughput on the Cloud Using Parallelization

Author

Alam, Masoom; Asif Ihsan; Khan, Muazzam A; Javaid, Qaisar; Khan, Abid; Manzoor, Jawad; Akhundzada, Adnan; Khan, M Khurram; Farooq, Sajid

Publication title

PLoS One; San Francisco

Volume

Issue

First page

e0162746

Publication year

2016

Publication date

Nov 2016

Section

Research Article

Publisher

Public Library of Science

Place of publication

San Francisco

Country of publication

United States

Publication subject

Medical Sciences, Sciences: Comprehensive Works

e-ISSN

19326203

Source type

Scholarly Journal

Language of publication

English

Document type

Journal Article

DOI

https://doi.org/10.1371/journal.pone.0162746

ProQuest document ID

1841158378

Document URL

https://www.proquest.com/scholarly-journals/optimizing-siem-throughput-on-cloud-using/docview/1841158378/se-2?accountid=208611

© 2016 Alam et al. This is an open access article distributed under the terms of the Creative Commons Attribution License: http://creativecommons.org/licenses/by/4.0/ (the “License”), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.

Last updated

2024-10-03

Database

ProQuest One Academic

Optimizing SIEM Throughput on the Cloud Using Parallelization

Content area

Abstract

Details