Professional Documents
Culture Documents
Dynamic Complex Event Processing - Adaptive Rule Engine: Bhargavi R, Ravi Pathak, Vaidehi V
Dynamic Complex Event Processing - Adaptive Rule Engine: Bhargavi R, Ravi Pathak, Vaidehi V
Dynamic Complex Event Processing - Adaptive Rule Engine: Bhargavi R, Ravi Pathak, Vaidehi V
Abstract — Recently Complex Event Processing has emerged as agents (EPA) and a set of event sinks or event listeners. Event
a lightweight way to monitor multiple data streams to identify Processing Agents are continuous queries or signatures of
events or patterns of interest. Complex Event Processing is a rule patterns which perform CEP tasks like filtering, aggregating
based technology. Rules which represent the patterns of interest and correlating events or searching for event patterns. EPAs
are defined by domain experts. Existing CEP engines have interface with event sources, event listeners and some times
limitation on addition, deletion and modification of rules. Rules other EPAs. The implementation of any CEP application
are configured initially once and are not changed later. Some of consists of three steps: First, all the event sources are
the engines support initial configuration and occasionally support registered at the system, next all EPAs are defined on the
addition of rules at runtime using the polling mechanism. This event sources and finally, event listeners are registered and
paper proposes a dynamic CEP by making the rule engine
attached or connected to the corresponding EPAs. Once a CEP
adaptive by using Event driven or push based approach for
application has been deployed and started, no changes in the
updating the rules dynamically in the Complex Event Processing
System at runtime. Event driven approach facilitates
event sources or listeners or EPAs are expected. Based on this
Knowledgebase to update rules without polling or observing any most of the existing CEP engines have limitation on addition
resource and hence enhances the system performance. The or modification of rules. Rules are configured initially once
resulting CEP engine with dynamic infrastructure facilitates easy and are not changed later. In CEP reasoning is done using a
addition and deletion of the rules in an easy and efficient way. reactive EPAs/rule-based inference engine designed to deal
Index Terms— Complex Event Processing, Event Driven with a continuous stream of real-time event objects. Rules are
Architecture, Rule Based Expert System, Knowledgebase, data defined by domain experts. The system is initially configured
streams. with all the rules which define the complex events or patterns
to be identified and alerted. These domain experts need to
provide the set of basic events which serves as input to the
I. INTRODUCTION rule, their interrelationships, and the parameters of the events
Many of the distributed applications require continuous that determine the complex event. Providing all the required
monitoring and processing of information or data in a timely details is a hard task, even for experts. In addition, rules may
fashion as it flows from periphery to the system. Intrusion change over time, due to the dynamic nature of the
detection in surveillance, detection of fraudulent credit card application. This paper proposes improvements to CEP
usage, stock market analysis, healthcare monitoring are few technology by making changes to behavior of the
such applications. The key requirements of all these infrastructure dynamic. The proposed dynamic rule updation
applications are - early identification of an event or situation addresses the above mentioned issue.
of interest and quick response generation. Complex Event The core of CEP engine is a rule based Expert System
Processing Technology is being used recently to address the which is also widely used for decision making in Artificial
requirements of such time critical applications. Complex event Intelligent systems. From the most popular expert systems
processing not only perform traditional database and data DENDRAL [18] and MYCIN [19] to the present days
mining processes such as data validation, cleaning, enrichment Business Rule Management System rule based expert system
and analysis, but can also query, filter and transform data from are still marking their excellence. The major challenges in
multiple sensors to enable events to be detected in real time. Rule based Expert Systems are Knowledge Representations,
They provide the ability to automate pattern monitoring, Knowledge, Facts and Rules or Policies Management. In this
which allows events to be correlated so that event response paper we are proposing an event driven solution to dynamic
mechanisms can be developed and critical events can be rule updating in Rule based Expert system.
isolated so that efficient remediation can be taken. Recently,
CEP is used in several monitoring solutions like analyze stock Rest of the paper is organized as follows: Section II gives
markets, search for fraudulent use of credit cards or mobile the related study. Section III explains the proposed model.
phones and perform forecasting in traffic networks or power Section IV gives the implementation details. Performance of
grids [11] – [14]. CEP infrastructure consists of three main the proposed method is discussed in Section V and Section VI
components: a set of event sources, a set of event processing has the conclusion.
190
2013 International Conference on Recent Trends in Information Technology (ICRTIT)
Condition can be simple logical, relation or spatiotemporal Following are the functions of the proposed components:
relations across different events. An action is any reactive
action like sending SMS/email, or sending an alert etc, to be Expert Interface: It is a user interface which interacts with
taken on the occurrence of event of interest. experts and Knowledge Engineer to create new rules. Rules
Knowledge Base: Knowledge base is the repository of all the are entered in the specific format.
knowledge of the application. Knowledge base contains rules
or policies to be applied on the inputs coming from different Update Event Source: Update event source is responsible for
sources for its applicability, processes, functions and type generating the knowledge update event. This module lies in
between Expert Interface and Knowledge Listener.
models.
Working Memory: Working Memory is the short term memory Knowledge Event: Knowledge Event is an event object
which keeps recent data for querying and processing the input instance. Knowledge event triggers the Knowledge Base
data with respect to temporal data. update.
Inference Engine: Inference Engine is the reasoning module. It
Knowledge Listener: The Knowledge Base acts like a
has the functional units corresponding to all the rules. These
Knowledge Listener interface. It listens to the Knowledge
functional or processing modules are called as processing
event, and updates the Knowledge Base. This module uses the
agents. Each processing agent is associated with one or more
rules given by the expert in the Expert Interface and creates a
input streams and a sink or listener. Matching of the input data
knowledge package instance and adds it to the knowledge
or facts against the rules stored in the knowledge is done by
Base. Thus the rule base is updated dynamically.
inference engine. Working memory is used by the inference
engine for storing the required data. The engine executes by
Steps for dynamic rule updating:
performing the following match-resolve-act cycle.
1. Enter and submit the new rules to be added in the
• Match: In this first phase, the conditions of all rules Expert Interface.
are matched against the data in the working memory. 2. Generate Knowledge Event instance. Knowledge event
As a result a conflict set is obtained, which consists of instance has all the needed information for creating the
objects of all satisfied rules. new rule.
• Conflict-Resolution: In this second phase, one of the 3. Knowledge Lister gets notified on the Knowledge
rule objects in the conflict set is chosen for execution. event occurrence.
If no rules are satisfied, the engine waits for next input 4. Create knowledge package with the information
from user. collected from the Knowledge event.
• Act: In this third phase, the actions of the rules 5. Add the knowledge package to the Knowledge base.
selected in the conflict-resolution phase are executed. 6. Knowledge base is updated with the new rules as
These actions may change the contents of working added knowledge package.
memory. At the end of this phase, execution returns to
the first phase. The proposed architecture for the rule engine is highly
scalable. Consider big enterprises where huge streams of input
User Interface: User Interface is a GUI (Graphical User data generated every second and there are several rules to be
Interface) for the user is to interact with the system giving executed. A distributed CEP system with multiple CEP rule
inputs to the system and getting the experts decision as output. engines with each rule engine working with a subset of rules
191
2013 International Conference on Recent Trends in Information Technology (ICRTIT)
can be used to get better performance. In such a scenario there are send to Knowledge Listener and later gets added to
may be a subset of rule engines working with different the Knowledgebase.
knowledge bases and a subset of rule engines with multiple
replicas of the same knowledge base. 3. User Interface for adding dynamic rules: To support user
The proposed Event driven dynamic rule engine can be friendliness, a user interface is provided using which
easily scaled to update several knowledge or rule bases users/experts browse, add and compile the new rules
simultaneously in the above mentioned distributed before being added to the knowledge base.
environment. Following are the steps involved in the process:
V. EXPERIMENTAL SETUP AND VALIDATION
1. All Knowledge Listeners gets registered to registry at
Knowledge Source. The proposed event driven dynamic rule engine is validated
2. Knowledge Source gets the list of all Knowledge with tele-healthcare monitoring application.
Listeners by querying its registry.
3. Whenever Expert defines rules on the Expert Interface
and submits the rules Knowledge Event is generated.
4. The knowledge event notifies all the Knowledge
Listeners and there rule bases are updated
simultaneously.
192
2013 International Conference on Recent Trends in Information Technology (ICRTIT)
193
2013 International Conference on Recent Trends in Information Technology (ICRTIT)
194