Real-time Event Analysis and Monitoring System

Network security is an integral part of any modern IT -Infrastructure. Recent trends show an increasing frequency and complexity of attacks in corporate IT systems. This makes the protection of these computer networks more complicated. The analysis of a single system is often not enough to detect all weaknesses, since the majority of prevalent weaknesses result from the interaction of multiple systems. Additionally, attackers are harder to defend against because they are performing more targeted attacks and use ever more sophisticated methods and hacking tools. A modern security system must be prepared against these challenges and must fulfill stringent requirements for high security of its IT-Infrastructure.

The HPI Real-time Event Analysis and Monitoring System (REAMS) is an implementation of such a security system. It has a variety of Gatherers that together create a comprehensive and unified dataset of network and event information used for more complex calculations. The  enormous amounts and complexity of gathered data have severely limited the development of such systems in the past. Now, by making use of in-memory databases, such as SAP HANA, and multi-core processing, the REAMS is capable of processing information in quantities previously not possible. On top, efficient analysis algorithms and modern visualization techniques on the dataset support IT-security experts in their difficult task of keeping companies’ networks safe from attackers.

Features

  • Detection of complex attack scenarios
  • In-Memory based platform with up to 2 TB of main memory
  • Multi-Core support with thousands of cores
  • Correlation of events from a variety of data sources
  • Utilization of environment information represented by attacks graphs
  • Ranking of complex alert dependency graphs
  • Visualization of attack scenarios and complex alert relations

Trying it

Feel free to write to Security-Analytics(at)hpi.uni-potsdam.de if you are interested or have any comments.

Other Links

... to our Research
              Security Engineering - Learning & Knowledge Tech - Design Thinking - former
... to our Teaching
              Tele-Lectures - MOOCs - Labs - Systems 
... to our Publications
              Books - Journals - Conference-Papers - Patents
... and to our Annual Reports.