CEP Overview
1. CEP Definitions and Terms
2. Use Case Example Architecture
3. Architecture of our Event(s)
4. CEP Patterns & Rules
5. Temporal Reasoning / Complexity of Rules
6. Implemented Rules
7. Allen’s (5 of 13) Temporal Operator Diagrams
8. Example Output ( & code overview), App Demo.
9. Forward Chaining Inference Engine
10. Backward Chaining Inference Engine
11. Comparison: Forward vs Backward Chaining
Complex Event Processing
Dr. David Luckham's book “The Power of Events” - 2002.
Event Stream [ needle(s) in haystack(s) ]
Time Zero → Time Infinity:
e1, e2, e3, e4, e5, e6, e7, e8, e9, e10, e11, e12, e13, e14, e15, e16, e17, e18, e19, e20, e21, e22, e23, ….
Definitions:
Events – “something of interest that happens”: (1) AccessAttempt, (2) DataAccessAttempt.
Event Streams – “massive streams of data” (some important, most not).
Temporal Reasoning – “reasoning over time, factoring in time during reasoning”. The
computer must have a way to understand time and reason while incorporating it.
Complex Event Processing – “the task of processing multiple events with the goal of
identifying the meaningful events (over time) within the event cloud (stream).”
* Detection of complex patterns of many events,
* Event Correlation, Abstraction, and Hierarchies,
* Relationships between events: (causality, membership, timing, etc…)
Common Examples:
* Stock Broker Application: Ticker Monitor
* Our Example: Military ID Monitor System
Example Use Case:
ID Events Processing
Events: AccessAttempts and DataAccessAttempts
OFFICE
• No multiple logins permitted.
• The only area where access to restricted data is permitted.
• No logins from unknown origins permitted.
• No repeat logon failures permitted.
CAFE
• No multiple logins permitted.
• Accessing restricted data not permitted here.
• No repeat logon failures permitted.
BARRACKS
• No multiple logins permitted.
• Accessing restricted data not permitted here.
• No repeat logon failures permitted.
UNKNOWN
• No logins permitted from here at all.
• No data access of any kind permitted from here.
• Alert if multiple access failures emanate from here.
CEP: TRACKING SYSTEM
Architecture of Events: (Java Objects)
public class AccessAttempt {
    private String employeeId;
    private String location;
    private String computerId;
    private String action;
    private String result;
    // ... (remaining members elided on the slide)
} // End Class AccessAttempt

public class DataAccessAttempt {
    private String dataClassification;
    private String computerId;
    private String employeeId;
    // ... (remaining members elided on the slide)
} // End Class DataAccessAttempt
Correlated Attributes
• employeeId
• computerId
private static final String LOGIN = "login";
private static final String LOGOUT = "logout";
private static final String SUCCESSFUL = "successful";
private static final String FAILURE = "failure";
private static final String TOPSECRET = "topsecret";
private static final String SECRET = "secret";
private static final String CLASSIFIED = "classified";
private static final String UNCLASSIFIED = "unclassified";
private static final String OFFICE = "office";
private static final String CAFE = "cafe";
private static final String BARRACKS = "barracks";
private static final String UNKNOWN = "unknown";
Complex Patterns – Our Example:
Important, but not meaningful alone:
Login / Logout – [normal, paired, properly sequenced, singleton]
Data Access – [unclassified – anywhere known]
Data Access: [classified, secret, top secret – within the office, proper procedure]
Important and Meaningful: – Trigger Alerts
Data Access: [classified, secret, top secret – in any public area, or from unknown places]
Login – from any unknown place.
Multiple Logins of same ID from different places
Repeat Login Failures (X failures over N minutes)
Complex Event Processing
Events: AccessAttempts and DataAccessAttempts
Expert Systems Rule
Forward Chaining Inference Engine
Complexity of Rules which reason using time (Temporal)
Example:
“Multiple Logins”
[t0] [Event A – logIN ID: “234”, “Office”]
[t+10m] [Event B – logIN ID: “234”, “Cafe”]
[t+30m] [Event C – logOUT ID: “234”, “Office”]
Notes:
Event A has to happen before Event B, but Event C cannot happen before Event B.
Key Concepts:
Temporal Operators: “not”, “before”, “after”… Accumulate : (reasoning over collections of data)
Drools implements all 13 operators defined by Allen and also their logical complement (negation).
• [ALLEN81] Allen, J.F. An Interval-based Representation of Temporal Knowledge. 1981.
• [ALLEN83] Allen, J.F. Maintaining knowledge about temporal intervals. 1983.
Temporal Operators:
(1) Before, (2) After, (3) Coincides, (4) During, (5) Finishes, (6) Finished By, (7) Includes, (8) Meets, (9) Met By, (10) Overlaps, (11) Overlapped By, (12) Starts, (13) Started By.
Implemented Rules: Archetypes
Patterns which raise alerts:
1. Concurrent logins (one ID can’t be in 2 places at the same time)
2. Multiple failed attempts during a specific time period for any location
3. Successful logins from any unknown locations
4. Any data access from any unknown location
5. Restricted data access from non-secure area (public areas)
RULE EXAMPLE:
rule "ALERT: Access of TopSecret Data from unknown Location"
when
    // a successful login from the unknown location ...
    $loginUnknown : AccessAttempt( location == "unknown", action == "login", $eid : employeeId, $cid : computerId, result == "successful" ) from entry-point "idsystem"
    // ... followed by top-secret data access by the same employee on the same computer
    $dataAccess : DataAccessAttempt( this after $loginUnknown, dataClassification == "topsecret", employeeId == $eid, computerId == $cid ) from entry-point "idsystem"
then
    System.out.println("ALERT: TopSecret Data Breach -> [ " + $dataAccess + " ]");
end
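Patterns 1 and 2 in the list above need state kept across events: which sessions are still open, and how many failures fall inside the time window. The following is an added example in plain Java, not code from the deck and not how Drools implements it; the timestamp field, the class name IdEventCorrelator and the sample events are assumptions constructed for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration (Java 16+ for records); hypothetical class, not the deck's code.
public class IdEventCorrelator {

    // Field names follow the slide's AccessAttempt; the timestamp is an assumption.
    record AccessAttempt(Instant at, String employeeId, String location,
                         String action, String result) {}

    private final int maxFailures;  // the "X" in "X failures over N minutes"
    private final Duration window;  // the "N minutes"
    // employeeId -> locations where a successful login has not been logged out yet
    private final Map<String, Set<String>> openSessions = new HashMap<>();
    // location -> timestamps of failed logins still inside the window
    private final Map<String, Deque<Instant>> recentFailures = new HashMap<>();
    final List<String> alerts = new ArrayList<>();

    IdEventCorrelator(int maxFailures, Duration window) {
        this.maxFailures = maxFailures;
        this.window = window;
    }

    /** Events must be fed in timestamp order, as they would arrive on a stream. */
    void onEvent(AccessAttempt e) {
        if ("logout".equals(e.action())) {
            Set<String> open = openSessions.get(e.employeeId());
            if (open != null) open.remove(e.location());
        } else if ("login".equals(e.action()) && "successful".equals(e.result())) {
            recordLogin(e);
        } else if ("login".equals(e.action()) && "failure".equals(e.result())) {
            recordFailure(e);
        }
    }

    // Pattern 1: one ID cannot be logged in at two places at the same time.
    private void recordLogin(AccessAttempt e) {
        Set<String> open = openSessions.computeIfAbsent(e.employeeId(), k -> new LinkedHashSet<>());
        for (String earlier : open) {
            if (!earlier.equals(e.location())) {
                alerts.add("ALERT: Multiple Logins: (Successful) -> [ 1st: " + earlier
                        + " and 2nd: " + e.location() + " ] - ID: " + e.employeeId());
            }
        }
        open.add(e.location());
    }

    // Pattern 2: X failed logins at one location within a sliding window of N minutes.
    private void recordFailure(AccessAttempt e) {
        Deque<Instant> recent = recentFailures.computeIfAbsent(e.location(), k -> new ArrayDeque<>());
        recent.addLast(e.at());
        Instant cutoff = e.at().minus(window);
        while (!recent.isEmpty() && recent.peekFirst().isBefore(cutoff)) {
            recent.removeFirst();          // expire failures older than the window
        }
        if (recent.size() >= maxFailures) {
            alerts.add("ALERT: Multiple Logins: (Failures) -> " + e.location() + " " + recent.size());
            recent.clear();                // one alert per burst, then start counting again
        }
    }

    private static final Instant T0 = Instant.parse("2014-12-08T12:00:00Z"); // constructed

    private static AccessAttempt ev(int minute, String id, String loc, String action, String result) {
        return new AccessAttempt(T0.plus(Duration.ofMinutes(minute)), id, loc, action, result);
    }

    public static void main(String[] args) {
        IdEventCorrelator c = new IdEventCorrelator(3, Duration.ofMinutes(5));
        // Constructed stream: the slide's "Multiple Logins" timeline for ID 234,
        // interleaved with failed logins at the cafe and the barracks.
        List<AccessAttempt> stream = List.of(
                ev(0, "234", "office", "login", "successful"),    // Event A
                ev(1, "777", "cafe", "login", "failure"),
                ev(2, "777", "cafe", "login", "failure"),
                ev(3, "778", "cafe", "login", "failure"),         // 3rd cafe failure in 5 min
                ev(10, "234", "cafe", "login", "successful"),     // Event B, office still open
                ev(12, "555", "barracks", "login", "failure"),
                ev(30, "234", "office", "logout", "successful"),  // Event C
                ev(40, "555", "barracks", "login", "failure"));   // 28 min apart: no alert
        stream.forEach(c::onEvent);
        c.alerts.forEach(System.out::println);
    }
}
```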
Allen: Temporal Operator Diagrams
Current vs Correlated Events: [Current: “Event of Focus” / Correlated: “Event that is related to”]
[Diagrams: AFTER, BEFORE, DURING. Each shows where Event A and Event B start and finish, as current and correlated event, on a timeline from Time 0 to Time ∞, within a time window measured in minutes or hours.]
Allen: Temporal Operator Diagrams
Current vs Correlated Events: [Current: “Event of Focus” / Correlated: “Event that is related to”]
[Diagrams: OVERLAPS, INCLUDES. Each shows where Event A and Event B start and finish, as current and correlated event, on a timeline from Time 0 to Time ∞, within a time window measured in minutes or hours.]
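The thirteen operators partition every way two intervals can sit on the timeline. The following added example (not from the deck, and not Drools code) classifies a current interval against a correlated one and uses the result to decide whether two login sessions of one ID are concurrent; the session times are constructed, with minutes since t0 as the assumed unit.

```java
// Added illustration (Java 16+); hypothetical class, not part of the deck or of Drools.
public class AllenRelations {

    /** A proper interval (start < end), e.g. a login session in minutes since t0. */
    record Interval(long start, long end) {
        Interval {
            // Requiring start < end guarantees that exactly one relation holds.
            if (start >= end) throw new IllegalArgumentException("need start < end");
        }
    }

    enum Relation {
        BEFORE, AFTER, COINCIDES, DURING, FINISHES, FINISHED_BY, INCLUDES,
        MEETS, MET_BY, OVERLAPS, OVERLAPPED_BY, STARTS, STARTED_BY
    }

    /** Relation of the current interval to the correlated one ("cur <relation> cor"). */
    static Relation relate(Interval cur, Interval cor) {
        if (cur.end() < cor.start()) return Relation.BEFORE;
        if (cur.start() > cor.end()) return Relation.AFTER;
        if (cur.end() == cor.start()) return Relation.MEETS;
        if (cur.start() == cor.end()) return Relation.MET_BY;
        boolean sameStart = cur.start() == cor.start();
        boolean sameEnd = cur.end() == cor.end();
        if (sameStart && sameEnd) return Relation.COINCIDES;
        if (sameStart) return cur.end() < cor.end() ? Relation.STARTS : Relation.STARTED_BY;
        if (sameEnd) return cur.start() > cor.start() ? Relation.FINISHES : Relation.FINISHED_BY;
        // From here on the intervals share time, and both endpoints differ.
        if (cur.start() > cor.start() && cur.end() < cor.end()) return Relation.DURING;
        if (cur.start() < cor.start() && cur.end() > cor.end()) return Relation.INCLUDES;
        return cur.start() < cor.start() ? Relation.OVERLAPS : Relation.OVERLAPPED_BY;
    }

    /** Two sessions of one ID are concurrent unless one is over when the other begins. */
    static boolean concurrent(Interval a, Interval b) {
        return switch (relate(a, b)) {
            case BEFORE, AFTER, MEETS, MET_BY -> false;
            default -> true;
        };
    }

    public static void main(String[] args) {
        // Office session from the "Multiple Logins" timeline: login at t0, logout at t+30m.
        Interval office = new Interval(0, 30);
        // Cafe session: login at t+10m; the logout at t+45m is constructed.
        Interval cafe = new Interval(10, 45);
        Interval nextDay = new Interval(1440, 1500);      // constructed later session

        System.out.println("office vs cafe:    " + relate(office, cafe)
                + ", concurrent=" + concurrent(office, cafe));
        System.out.println("cafe vs office:    " + relate(cafe, office));
        System.out.println("office vs nextDay: " + relate(office, nextDay)
                + ", concurrent=" + concurrent(office, nextDay));

        // The five relations drawn on the slides, with constructed intervals.
        System.out.println(relate(new Interval(50, 60), new Interval(0, 30)));   // AFTER
        System.out.println(relate(new Interval(0, 30), new Interval(50, 60)));   // BEFORE
        System.out.println(relate(new Interval(10, 20), new Interval(0, 30)));   // DURING
        System.out.println(relate(new Interval(0, 30), new Interval(10, 45)));   // OVERLAPS
        System.out.println(relate(new Interval(0, 30), new Interval(10, 20)));   // INCLUDES
    }
}
```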
CEP Sample Output
Dec 08, 2014 12:54:13 PM com.military.idcard.IDCardEventExample main
INFO: *********************************>>>> Drools CEP ID Card Example
ALERT: Restricted Data Breach -> [ DataAccessAttempt
[dataClassification=secret, computerId=barracks3333, employeeId=3333] ]
ALERT: Restricted Data Breach -> [ DataAccessAttempt
[dataClassification=classified, computerId=cafe2222, employeeId=2222] ]
ALERT: Restricted Data Breach -> [ DataAccessAttempt
[dataClassification=topsecret, computerId=unknown, employeeId=4444] ]
ALERT: Unknown Location Login -> [ Unknown Location ] : AccessAttempt
[employeeId=4444, location=unknown, computerId=unknown, action=login,
result=successful]
ALERT: TopSecret Data Breach -> [ DataAccessAttempt
[dataClassification=topsecret, computerId=unknown, employeeId=4444] ]
ALERT: Multiple Logins: (Successful) -> [ 1st: Barracks and 2nd: cafe ] - ID: 2023
ALERT: Multiple Logins: (Successful) -> [ 1st: Cafe and 2nd: barracks ] - ID: 1023
ALERT: Multiple Logins: (Successful) -> [ 1st: Office and 2nd: cafe ] - ID: 4023
ALERT: Multiple Logins: (Successful) -> [ 1st: Office and 2nd: cafe ] - ID: 1123
ALERT: Multiple Logins: (Failures) -> CAFE 6
ALERT: Multiple Logins: (Failures) -> BARRACKS 5
ALERT: Breach Attempts - Multiple Failures: (UNKNOWN) 5
Forward Chaining Inference Engine
Backward Chaining Inference Engine
Forward vs Backward Chaining
• Backward chaining (a la Prolog) is more like finding what initial conditions form a path to
your goal. At a very basic level it is a backward search from your goal to find
conditions that will fulfill it.
• Backward chaining is used for interrogative applications (finding items that fulfill certain
criteria) - one commercial example of a backward chaining application might be finding
which insurance policies are covered by a particular reinsurance contract.
• Forward chaining (a la Drools) matches conditions and then generates inferences
from those conditions. These conditions can in turn match other rules. Basically, this
takes a set of initial conditions and then draws all inferences it can from those conditions.
• STUDY OF DIFFERENCE BETWEEN FORWARD AND BACKWARD REASONING
http://www.ijetae.com/files/Volume2Issue10/IJETAE_1012_48.pdf
• Forward chaining means applying rules in a forward direction: recursively applying the
rules over data to generate more data (and applying the rules over that data... I have a
member of po:Person... it must also be a member of foaf:Person... and so it must be
a foaf:Agent and dc:Agent... and so...)
• Backward chaining means applying rules in a backwards manner: taking a goal (e.g., a
query) and recursively working backwards to find more data that can satisfy the goal (I'm
looking for foaf:Agents... I should also look for dc:Agents and foaf:Persons
and po:Persons...)
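The two strategies can be run side by side over one rule base. The following added example is not from the deck and is not Drools: it is a propositional sketch whose fact names and rules are constructed from the alerts in the sample output. Forward chaining derives every alert the facts support; backward chaining starts from one alert and visits only the subgoals that could establish it.

```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added illustration (Java 16+); hypothetical rule base, not part of the deck.
public class ChainingDemo {

    /** "If all premises hold, the conclusion holds." */
    record Rule(List<String> premises, String conclusion) {}

    // Constructed rules, named after the alerts in the sample output.
    static final List<Rule> RULES = List.of(
            new Rule(List.of("login.unknown", "login.successful"), "alert.unknownLocationLogin"),
            new Rule(List.of("alert.unknownLocationLogin", "data.topsecret"), "alert.topSecretBreach"),
            new Rule(List.of("data.topsecret"), "data.restricted"),
            new Rule(List.of("login.unknown"), "location.notOffice"),
            new Rule(List.of("data.restricted", "location.notOffice"), "alert.restrictedDataBreach"));

    /** Forward chaining: fire rules on the known facts until nothing new is inferred. */
    static Set<String> forwardChain(Set<String> facts) {
        Set<String> known = new LinkedHashSet<>(facts);
        boolean changed = true;
        while (changed) {
            changed = false;
            for (Rule r : RULES) {
                // Set.add returns true only if the conclusion was not known yet.
                if (known.containsAll(r.premises()) && known.add(r.conclusion())) {
                    changed = true;
                }
            }
        }
        return known;
    }

    /** Backward chaining: prove the goal from a fact or from a rule whose premises can be proven. */
    static boolean backwardChain(String goal, Set<String> facts,
                                 Set<String> inProgress, List<String> visited) {
        visited.add(goal);
        if (facts.contains(goal)) return true;
        if (!inProgress.add(goal)) return false;   // goal depends on itself: stop the cycle
        try {
            for (Rule r : RULES) {
                if (!r.conclusion().equals(goal)) continue;
                boolean allProven = true;
                for (String premise : r.premises()) {
                    if (!backwardChain(premise, facts, inProgress, visited)) {
                        allProven = false;
                        break;
                    }
                }
                if (allProven) return true;
            }
            return false;
        } finally {
            inProgress.remove(goal);
        }
    }

    public static void main(String[] args) {
        // Constructed facts for one session: a successful login from the unknown
        // location followed by access to top-secret data.
        Set<String> facts = new LinkedHashSet<>(
                List.of("login.unknown", "login.successful", "data.topsecret"));

        System.out.println("Forward chaining derives: " + forwardChain(facts));

        List<String> visited = new ArrayList<>();
        boolean proven = backwardChain("alert.topSecretBreach", facts, new HashSet<>(), visited);
        System.out.println("alert.topSecretBreach proven=" + proven + ", subgoals visited: " + visited);

        visited = new ArrayList<>();
        proven = backwardChain("alert.multipleLogins", facts, new HashSet<>(), visited);
        System.out.println("alert.multipleLogins proven=" + proven + ", subgoals visited: " + visited);
    }
}
```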

 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 

Complex Event Processing

  • 1. CEP Overview
      1. CEP Definitions and Terms
      2. Use Case Example Architecture
      3. Architecture of our Event(s)
      4. CEP Patterns & Rules
      5. Temporal Reasoning / Complexity of Rules
      6. Implemented Rules
      7. Allen’s (5 of 13) Temporal Operator Diagrams
      8. Example Output ( & code overview), App Demo.
      9. Forward Chaining Inference Engine
      10. Backward Chaining Inference Engine
      11. Comparison: Forward vs Backward Chaining
  • 2. Complex Event Processing
      Dr. David Luckham's book "The Power of Events" - 2002.
      Event Stream [ needle(s) in haystack(s) ]
      Time Zero to Time Infinity: e1, e2, e3, e4, e5, e6, e7, e8, e9, e10, e11, e12, e13, e14, e15, e16, e17, e18, e19, e20, e21, e22, e23, ….
      Definitions:
      Events – “something of interest that happens”: (1) AccessAttempt, (2) DataAccessAttempt.
      Event Streams – “massive streams of data” (some important, most not).
      Temporal Reasoning – “reasoning over time, factoring in time during reasoning”. The computer must have a way to understand time and reason while incorporating it.
      Complex Event Processing – “the task of processing multiple events with the goal of identifying the meaningful events (over time) within the event cloud (stream).”
        * Detection of complex patterns of many events,
        * Event Correlation, Abstraction, and Hierarchies,
        * Relationships between events: (causality, membership, timing, etc…)
      Common Examples:
        * Stock Broker Application: Ticker Monitor
        * Our Example: Military ID Monitor System
  • 3. Example Use Case: ID Events Processing
      Events: AccessAttempts and DataAccessAttempts
      CEP: TRACKING SYSTEM
      OFFICE
        • No multiple logins permitted.
        • The only area where access to restricted data is permitted.
        • No logins from unknown origins permitted.
        • No repeat logon failures permitted.
      CAFE
        • No multiple logins permitted.
        • Accessing restricted data not permitted here.
        • No repeat logon failures permitted.
      BARRACKS
        • No multiple logins permitted.
        • Accessing restricted data not permitted here.
        • No repeat logon failures permitted.
      UNKNOWN
        • No logins permitted from here at all.
        • No data access of any kind permitted from here.
        • Alert if multiple access failures emanate from here.
  • 4. Architecture of Events: (Java Objects)

      public class AccessAttempt {
          private String employeeId;
          private String location;
          private String computerId;
          private String action;
          private String result;
          ……….
      } // End Class AccessAttempt

      public class DataAccessAttempt {
          private String dataClassification;
          private String computerId;
          private String employeeId;
          …….
      } // End Class DataAccessAttempt

      Correlated Attributes
        • employeeId
        • computerId

      private static final String LOGIN = "login";
      private static final String LOGOUT = "logout";
      private static final String SUCCESSFUL = "successful";
      private static final String FAILURE = "failure";
      private static final String TOPSECRET = "topsecret";
      private static final String SECRET = "secret";
      private static final String CLASSIFIED = "classified";
      private static final String UNCLASSIFIED = "unclassified";
      private static final String OFFICE = "office";
      private static final String CAFE = "cafe";
      private static final String BARRACKS = "barracks";
      private static final String UNKNOWN = "unknown";
  • 5. Complex Patterns – Our Example:
      Complex Event Processing Events: AccessAttempts and DataAccessAttempts
      Important, but not meaningful alone:
        Login / Logout – [normal, paired, properly sequenced, singleton]
        Data Access – [unclassified – anywhere known]
        Data Access: [classified, secret, top secret – within the office, proper procedure]
      Important and Meaningful: – Trigger Alerts
        Data Access: [classified, secret, top secret – in any public area, or from unknown places]
        Login – from any unknown place.
        Multiple Logins of same ID from different places
        Repeat Login Failures (X failures over N minutes)
  • 6. Expert Systems Rule Forward Chaining Inference Engine
      Complexity of Rules which reason using time (Temporal)
      Example: “Multiple Logins”
        [t0]     [Event A – logIN ID: “234”, “Office”]
        [t+10m]  [Event B – logIN ID: “234”, “Cafe”]
        [t+30m]  [Event C – logOUT ID: “234”, “Office”]
      Notes: Event A has to happen before Event B, but Event C cannot happen before Event B.
      Key Concepts:
        Temporal Operators: “not”, “before”, “after”…
        Accumulate: (reasoning over collections of data)
      Drools implements all 13 operators defined by Allen and also their logical complement (negation).
        • [ALLEN81] Allen, J.F. An Interval-based Representation of Temporal Knowledge. 1981.
        • [ALLEN83] Allen, J.F. Maintaining knowledge about temporal intervals. 1983.
      Temporal Operators: (1) Before, (2) After, (3) Coincides, (4) During, (5) Finishes, (6) Finished By, (7) Includes, (8) Meets, (9) Met By, (10) Overlaps, (11) Overlapped By, (12) Starts, (13) Started By.
  • 7. Implemented Rules: Arch Types
      Patterns which raise alerts:
        1. Concurrent logins (one ID can’t be in 2 places at the same time)
        2. Multiple failed attempts during a specific time period for any location
        3. Successful logins from any unknown locations
        4. Any data access from any unknown location
        5. Restricted data access from non-secure area (public areas)
      RULE EXAMPLE:

      rule "ALERT: Access of TopSecret Data from unkown Location"
      when
          $loginUnknown : AccessAttempt( location == "unknown", action == "login",
                                         $eid : employeeId, $cid : computerId,
                                         result == "successful" ) from entry-point "idsystem"
          $dataAccess : DataAccessAttempt( this after $loginUnknown,
                                           dataClassification == "topsecret",
                                           employeeId == $eid,
                                           computerId == $cid ) from entry-point "idsystem"
      then
          System.out.println("ALERT: TopSecret Data Breach -> [ " + $dataAccess + " ]");
      end
  • 8. Allen: Temporal Operator Diagrams
      Temporal Operators: (1) Before, (2) After, (3) Coincides, (4) During, (5) Finishes, (6) Finished By, (7) Includes, (8) Meets, (9) Met By, (10) Overlaps, (11) Overlapped By, (12) Starts, (13) Started By.
      Current vs Correlated Events: [Current: “Event of Focus” / Correlated: “Event that is related to”]
      [Diagrams: AFTER, BEFORE, DURING. Each places Event A and Event B, labelled as current and correlated event with their start and finish points, on a timeline from Time 0 to Time ∞. Time Window: Mins, Hrs.]
  • 9. Allen: Temporal Operator Diagrams
      Temporal Operators: (1) Before, (2) After, (3) Coincides, (4) During, (5) Finishes, (6) Finished By, (7) Includes, (8) Meets, (9) Met By, (10) Overlaps, (11) Overlapped By, (12) Starts, (13) Started By.
      Current vs Correlated Events: [Current: “Event of Focus” / Correlated: “Event that is related to”]
      [Diagrams: OVERLAPS, INCLUDES. Each places Event A and Event B, labelled as current and correlated event with their start and finish points, on a timeline from Time 0 to Time ∞. Time Window: Mins, Hrs.]
  • 10. CEP Sample Output

      Dec 08, 2014 12:54:13 PM com.military.idcard.IDCardEventExample main
      INFO: *********************************>>>> Drools CEP ID Card Example
      ALERT: Restricted Data Breach -> [ DataAccessAttempt [dataClassification=secret, computerId=barracks3333, employeeId=3333] ]
      ALERT: Restricted Data Breach -> [ DataAccessAttempt [dataClassification=classified, computerId=cafe2222, employeeId=2222] ]
      ALERT: Restricted Data Breach -> [ DataAccessAttempt [dataClassification=topsecret, computerId=unknown, employeeId=4444] ]
      ALERT: Unknown Location Login -> [ Unknown Location ] : AccessAttempt [employeeId=4444, location=unknown, computerId=unknown, action=login, result=successful]
      ALERT: TopSecret Data Breach -> [ DataAccessAttempt [dataClassification=topsecret, computerId=unknown, employeeId=4444] ]
      ALERT: Multiple Logins: (Successful) -> [ 1st: Barracks and 2nd: cafe ] - ID: 2023
      ALERT: Multiple Logins: (Successful) -> [ 1st: Cafe and 2nd: barracks ] - ID: 1023
      ALERT: Multiple Logins: (Successful) -> [ 1st: Office and 2nd: cafe ] - ID: 4023
      ALERT: Multiple Logins: (Successful) -> [ 1st: Office and 2nd: cafe ] - ID: 1123
      ALERT: Multiple Logins: (Failures) -> CAFE 6
      ALERT: Multiple Logins: (Failures) -> BARRACKS 5
      ALERT: Breach Attempts - Multiple Failures: (UNKNOWN) 5
  • 13. Forward vs Backward Chaining
      • Backward chaining (a la Prolog) is more like finding what initial conditions form a path to your goal. At a very basic level it is a backward search from your goal to find conditions that will fulfill it.
      • Backward chaining is used for interrogative applications (finding items that fulfill certain criteria) - one commercial example of a backward chaining application might be finding which insurance policies are covered by a particular reinsurance contract.
      • Forward chaining (a la Drools) matches conditions and then generates inferences from those conditions. These conditions can in turn match other rules. Basically, this takes a set of initial conditions and then draws all inferences it can from those conditions.
      • STUDY OF DIFFERENCE BETWEEN FORWARD AND BACKWARD REASONING
        http://www.ijetae.com/files/Volume2Issue10/IJETAE_1012_48.pdf
      • Forward chaining means applying rules in a forward direction: recursively applying the rules over data to generate more data (and applying the rules over that data... I have a member of po:Person... it must also be a member of foaf:Person... and so it must be a foaf:Agent and dc:Agent... and so...)
      • Backward chaining means applying rules in a backwards manner: taking a goal (e.g., a query) and recursively working backwards to find more data that can satisfy the goal (I'm looking for foaf:Agents... I should also look for dc:Agents and foaf:Persons and po:Persons...)
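
The po:Person / foaf:Agent illustration from slide 13, worked through both ways. This is an added Python example, not code from the presentation or from Drools; the rule table, the sample facts and the foaf:Agent/dc:Agent equivalence are assumptions chosen to match the slide's wording.

```python
# Rules read "anything that is a <body> is also a <head>".
# Assumption: foaf:Agent and dc:Agent imply each other, as the slide's wording suggests.
RULES = [
    ("po:Person", "foaf:Person"),
    ("foaf:Person", "foaf:Agent"),
    ("foaf:Agent", "dc:Agent"),
    ("dc:Agent", "foaf:Agent"),
]

# Constructed facts: (individual, class)
FACTS = {("alice", "po:Person"), ("acme", "dc:Agent"), ("doc1", "foaf:Document")}

def forward_chain(facts):
    """Data-driven: apply every rule to the known facts until nothing new appears."""
    facts = set(facts)
    changed = True
    while changed:
        changed = False
        for who, cls in list(facts):
            for body, head in RULES:
                if cls == body and (who, head) not in facts:
                    facts.add((who, head))
                    changed = True
    return facts

def backward_chain(goal_cls, facts, seen=None):
    """Goal-driven: expand only the rules whose head is the goal, then recurse on their bodies."""
    seen = set() if seen is None else seen
    if goal_cls in seen:                 # cycle guard for mutually implied classes
        return set()
    seen.add(goal_cls)
    found = {who for who, cls in facts if cls == goal_cls}
    for body, head in RULES:
        if head == goal_cls:
            found |= backward_chain(body, facts, seen)
    return found

if __name__ == "__main__":
    print(sorted(forward_chain(FACTS)))                # every derivable fact
    print(sorted(backward_chain("foaf:Agent", FACTS)))  # only the goal's answers
```

Forward chaining materialises every derivable fact up front (what a Drools session does as events arrive), while backward chaining touches only the classes that can lead to the queried goal.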
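
Slide 6's "Multiple Logins" timeline and slide 7's alert patterns 1 and 2 (concurrent logins, X failures over N minutes), as an added Python sketch of the rule semantics. It is not the presentation's Drools code; the `ts` field, the thresholds and the sample stream are assumptions made for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessAttempt:
    ts: int            # minutes since stream start (assumed field, not on the slide)
    employee_id: str
    location: str
    action: str        # "login" or "logout"
    result: str        # "successful" or "failure"

def detect(events, max_failures=5, window_min=10):
    """Return alerts for concurrent logins per ID and failure bursts per location."""
    alerts = []
    open_sessions = defaultdict(dict)   # employee_id -> {location: login time}
    failures = defaultdict(deque)       # location -> failure times inside the window
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.action == "login" and e.result == "failure":
            q = failures[e.location]
            q.append(e.ts)
            while e.ts - q[0] > window_min:      # slide the time window forward
                q.popleft()
            if len(q) == max_failures:           # fires when the count reaches the threshold
                alerts.append(("failures", e.location, len(q)))
        elif e.action == "login" and e.result == "successful":
            sessions = open_sessions[e.employee_id]
            for loc in sessions:                 # a login "after" an earlier one with no logout between
                if loc != e.location:
                    alerts.append(("multiple-logins", e.employee_id, loc, e.location))
            sessions[e.location] = e.ts
        elif e.action == "logout":
            open_sessions[e.employee_id].pop(e.location, None)
    return alerts

# Constructed sample stream. ID 234 follows slide 6 (Events A, B, C); ID 777 is a clean control.
SAMPLE = [
    AccessAttempt(0, "234", "office", "login", "successful"),
    AccessAttempt(10, "234", "cafe", "login", "successful"),
    AccessAttempt(30, "234", "office", "logout", "successful"),
    AccessAttempt(0, "777", "office", "login", "successful"),
    AccessAttempt(5, "777", "office", "logout", "successful"),
    AccessAttempt(8, "777", "cafe", "login", "successful"),
]
SAMPLE += [AccessAttempt(40 + i, "900", "cafe", "login", "failure") for i in range(5)]
SAMPLE += [AccessAttempt(60 + 15 * i, "901", "barracks", "login", "failure") for i in range(5)]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The barracks failures are spaced 15 minutes apart, so they never accumulate inside the 10-minute window; that is the difference between counting events and counting events over time.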