Design and Implementation of SMS Based Anomalous Event Mitigation Process for Complex Event Processing Application

This paper describes the design and implementation of SMS-based event mitigation for Complex Event Processing (CEP) applications. The CAISER™ CEP platform was used to develop event processing systems which detect and identify complex events based on patterns of previous and current lower-order events. CAISER™ then generates mitigation actions for anomalous events and executes them via 3 types of SMS-based notification. An implementation of the SMS-based event mitigation in a CEP-based Server Farm Monitoring system is also described in this paper. The performance of the event mitigation process using SMS is evaluated and described in this paper.


Introduction
Nowadays, the integration of smart sensors and actuators in surveillance systems is increasing tremendously. The massive information from those sensors and devices can be simple or complex, and it is hard to keep track of [1]. Thus, the Complex Event Processing (CEP) approach is used to detect meaningful events effectively. CEP is a tool for analyzing and processing the sequence of complex events of information [2] from various sources and producing fast mitigation actions based on specific scenarios to improve operation, performance, and security [3], [4]. It is a technology that can identify and solve problems in real time, thus improving the performance of business processes, scheduling and control processes, network monitoring, performance prediction, active monitoring, and intrusion detection [2].
CAISER™ (Computer Assisted Intelligent Event Processor) [5], a CEP development tool developed by the Smart Engineering System Research Group (SESRG), can be used to develop CEP applications to manage and process hundreds of events, alarms, and notifications in the business (purchase, payment, fraudulent transaction), scientific (Supervisory Control and Data Acquisition, Remote Monitoring), engineering (Building Management System, Factory Monitoring, Operation Monitoring), and domestic (home alarm system, community monitoring, elderly monitoring) sectors. It can also automatically generate and execute mitigation actions for anomalous events based on user settings and rules. CAISER™ is innovative because it is a component-based CEP system development tool, which enables CEP apps developed using CAISER™ to be improved by upgrading the adapters themselves, without the need to recompile the application. CAISER™ uses a probabilistic rule-based system to sift through incoming raw events from event producers to identify and predict derived events and, based on the user-defined knowledge base, it generates and executes mitigation actions for the detected events.

ICoSE Conference Proceedings
One of CAISER™'s main applications is the Early Warning & Notification System (Sistem Notifikasi & Amaran Awal, SNAA), a CEP-based network facility monitoring system developed using CAISER™ for Perbadanan Putrajaya (PPJ). SNAA has been successfully used to monitor the network facility (server farm, telecommunication rooms, network stability) for PPJ, which manages Putrajaya (the Malaysian Government's administrative capital city), directly benefitting more than 80,000 inhabitants of Putrajaya and all Malaysian government agencies and ministries in Putrajaya. SNAA has been in operation since 2013 without fail and runs 24 hours per day and 365 days per year. It processes on average 34 million sensor readings and thousands of events per day.

Event Mitigation Process via SMS
One of CAISER™'s event mitigation adapters is the Short Messaging Service (SMS) notification adapter. There are three types of notification supported by CAISER™:
(i) Type 0 (A0): This type of notification is for the purpose of informing the user only.
(iii) Type 2 (A2): This type of notification instructs the server and receiver to execute a mitigation action and to confirm back to CAISER™ that the mitigation action was executed. Verification must be done within the stipulated time given, e.g.: ServerRoom.ArcondOff. Turn ON the auxiliary aircond unit within 10 minutes and Reply AX23 OK
The receiver of A2 must reply AX23 OK to the application server within 10 minutes; failure to do so will force the server to initiate a second-layer event mitigation action.
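The Type 2 confirmation rule described above can be sketched as server-side bookkeeping. This is an added example, not CAISER's code: the class and function names, the outcome labels, the phone numbers and the second token "BK07" are constructed, and the token alphabet in the regular expression is an assumption. Only the "AX23 OK" reply and the 10-minute window come from the text.

```python
import re
from dataclasses import dataclass

# Reply shape follows the paper's "AX23 OK"; token alphabet/length is an assumption.
REPLY_RE = re.compile(r"^\s*([A-Z0-9]{2,8})\s+OK\s*$", re.IGNORECASE)

@dataclass
class PendingA2:
    recipient: str           # number the instruction was sent to
    sent_at: float           # seconds, any monotonic clock
    window_s: float          # stipulated confirmation time
    state: str = "PENDING"   # PENDING -> CONFIRMED | ESCALATED

class A2Tracker:
    """Hypothetical tracker for outstanding Type 2 notifications."""
    def __init__(self):
        self.pending = {}

    def send(self, token, recipient, now, window_s=600.0):
        self.pending[token] = PendingA2(recipient, now, window_s)

    def on_reply(self, sender, text, now):
        m = REPLY_RE.match(text)
        if not m:
            return "IGNORED_MALFORMED"
        p = self.pending.get(m.group(1).upper())
        if p is None or p.state != "PENDING":
            return "IGNORED_NOT_PENDING"      # unknown token or repeated reply
        if sender != p.recipient:
            return "REJECTED_WRONG_SENDER"    # token is bound to one receiver
        if now - p.sent_at > p.window_s:
            return "REJECTED_LATE"            # left pending so tick() escalates it
        p.state = "CONFIRMED"
        return "CONFIRMED"

    def tick(self, now):
        """Escalate every expired A2; a real system would start second-layer mitigation here."""
        late = [t for t, p in self.pending.items()
                if p.state == "PENDING" and now - p.sent_at > p.window_s]
        for t in late:
            self.pending[t].state = "ESCALATED"
        return late

def demo():
    trk = A2Tracker()
    trk.send("AX23", "+60120000001", now=0)   # constructed numbers
    trk.send("BK07", "+60120000002", now=0)
    replies = [trk.on_reply("+60129999999", "AX23 OK", now=120),
               trk.on_reply("+60120000001", "ax23 ok", now=300),
               trk.on_reply("+60120000001", "AX23 OK", now=310)]
    return replies, trk.tick(now=601)
```

The sender comparison is only as trustworthy as the originator field the modem reports, so the per-notification token is what actually ties a reply to one instruction.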

Results and Discussion
A) Performance A0 and A1 ( 0 1 )
Figure 4 shows the time latency of event notification via SMS. It is found that the average time for an SMS notification to be received, measured from the detected event time, is 3.95 minutes. This includes the internal processing time for event processing and the internal processing time for transmitting the SMS by the Telco Provider. The event detection database used to perform this evaluation consists of more than 370 event detection rules and more than 400 action generation rules. We suspect that the high number of rules might have caused the performance of the system to degrade. We used the Cinterion MC35I as the Global System for Mobile (GSM) modem to send the SMS from the system.
We observed that the performance of  0 1 for A2 is statistically close to A0 and A1's ( 0 1 ). The total time can be defined as T  =  0 1 +   +  1 0 , where   is the time taken by the operator to execute the instruction and  1 0 is the time taken for the operator's confirmation message to reach the system.   is highly dependent on the user's / receiver's time of action execution, whereas  1 0 was observed to be statistically similar to  0 1 .

Conclusion
The observed average latency of 3.95 minutes is acceptable for non-critical applications such as environment monitoring and building energy management. The design of the event mitigation action using the multilevel notification (A0, A1, A2) structure is unique to CAISER™ and helps a lot in developing smart systems. In future, the notification system will be improved further to reduce the latency, and we will also be developing a similar notification topology using Telegram, the open-sourced social messaging application.

Acknowledgement
The authors would like to express their gratitude to the Government of Malaysia and National University of Malaysia for financing this research via the PRGS/1/2015/TK05/UKM/02/2 research grant.
Type 1 (A1): This type of notification is to instruct the user or the receiver to execute mitigation action based on the instruction in the message. The receiver can be a human operator or a machine. e.g.: Server Room.Aircond Off. Turn ON the auxiliary aircond unit.

DOI 10.18502/keg.v1i1.489