Title:  Ultrafast Security Event Processing for SIEM Systems
 
Abstract
 
This talk describes a new technique for fast submatch extraction for
regular expressions and its application to improving the performance
of event processing in Security Information and Event Management
(SIEM) systems.  A capturing group is a syntax used in modern regular
expression implementations to specify a subexpression of a regular
expression. Given a string that matches the regular expression,
submatch extraction is the process of extracting the substrings
corresponding to those subexpressions. Our experimental results show
an approximate 2.5 fold improvement over Java's backtracking based
regular expression library on a typical SIEM problem.
 
Bio
 
Dr. Bill Horne is a Research Manager in the Cloud and Security Lab of
Hewlett-Packard Laboratories, where he directs research on systems and
network security, cryptography, privacy and risk management, and is
responsible for transferring security technology developed in HP Labs
to customers and business units.