An event-based platform for collaborative threats detection and monitoring

Authors:

Highlights:

• We discuss the Semantic Room (SR) abstraction, which enables the construction of collaborative platforms for data aggregation and correlation aimed at the early detection of attacks and frauds.

• We describe an SR for detecting port scanning by presenting two different implementations: one uses a centralized CEP engine (Esper) while the other employs a distributed one (Storm).

• We propose an SR for the monitoring of financial frauds which correlates information coming from Italian banks and other financial institutions; this SR also provides privacy-preserving mechanisms.


Keywords: Collaborative information systems, Information systems monitoring, Event processing, Security threats, Fraud monitoring

Review history: Received 5 November 2011, Revised 26 July 2013, Accepted 31 July 2013, Available online 27 August 2013.

Official paper URL: https://doi.org/10.1016/j.is.2013.07.005