cedmos is the Composite Event Detection and Monitoring System developed for DARPA by MCC. cedmos recognizes patterns of events called complex events according to user{ authored event speciications. cedmos is a general event processing technology that includes: a core infrastructure for event detection which implements a general, eecient event procesing model; a graphical programming environment for the creation and manipulation of composite event speciications; a detector generator, which takes composite event specii-cations and generates Java code to recognize the speciied composite events; and agent shells for rapid development of customized agents for event gathering, composite event detection, and dissemination of composite events. This paper gives the theoretical basis for the cedmos event processing model. The model is a restriction of a more general event processing model that takes into consideration a number of practical issues. In addition, issues that arose in the deployment of cedmos to some particular domains are discussed. Unlike many other event processing technologies, cedmos is not tied to databases or other technologies and can be applied to many diierent domains. CEDMOS 1 Motivation During the course of a military operation, there is a need to closely monitor the events that are transpiring in order to make timely and informed decisions. The events of interest are many and can originate from a wide variety of sources; e.g., intelligence reports, weather reports, satellite imagery, etc. The volume and variety of events results in an extremely challenging decision making problem, which entails more than simply monitoring for the occurrence of a particular event or a simple set of events. Complex event patterns, where each individual event can be temporally and spatially related to the others, can be the crucial items the decision maker needs. However, these patterns of events can often be masked due to the immense volume of information that ows to the decision maker. As a simpliied example (see Figures 1 through 3), consider the simpliied problem of trying to detect whether or not a particular region is in danger of being successfully invaded by the opposition forces. Suppose that there is a single event source which gives report of individual opposition force location and movements. We assume that the military commanders will have knowledge of the types and quantity of the opposing forces that would be required to mount a successful attack as well as their individual movement capabilities. Any opposition force that is smaller than …
[1]
Balachander Krishnamurthy,et al.
Yeast: A General Purpose Event-Action System
,
1995,
IEEE Trans. Software Eng..
[2]
Steven Waldbusser.
Remote Network Monitoring Management Information Base
,
1991,
RFC.
[3]
Sharma Chakravarthy,et al.
The HiPAC Project
,
1996,
Active Database Systems: Triggers and Rules For Advanced Database Processing.
[4]
Hamid Pirahesh,et al.
Alert: An Architecture for Transforming a Passive DBMS into an Active DBMS
,
1991,
VLDB.
[5]
Narain H. Gehani,et al.
Event specification in an active object-oriented database
,
1992,
SIGMOD '92.
[6]
David C. Luckham,et al.
An Event-Based Architecture Definition Language
,
1995,
IEEE Trans. Software Eng..
[7]
Rainer Unland,et al.
On the semantics of complex events in active database management systems
,
1999,
Proceedings 15th International Conference on Data Engineering (Cat. No.99CB36337).
[8]
Alejandro P. Buchmann,et al.
REACH: a REal-time, ACtive and Heterogeneous mediator system
,
1992,
IEEE Data Eng. Bull..
[9]
Sharma Chakravarthy,et al.
Composite Events for Active Databases: Semantics, Contexts and Detection
,
1994,
VLDB.