SPICES: Scalable Processing and mIning of Complex Events for Security-analytics
You are here: Home \ Projects \ SPICES

There is a clear need for expressive and powerful software technology that allows companies to detect and describe potential security problems in their systems based on certain sequences or certain collections of “business events”. These can be any type of event (messages sent, RFID scans,… ) for which a digital avatar exits. Once detected, certain accompanying “business actions” need to be executed (message send, SMS send,  …). SPICES proposes to conceive these sequences and CEP) language. Such a language allows for a declarative description of the patterns without having to resort on low level implementation technology.

The overall goal of SPICES is to design an open reusable platform centered around the notion of complex event processing that is specifically targeted towards security process monitoring.


There are different views on the way these abstract patterns come into existence. For some companies they need to be mined from large databases of previously logged business events, for others they need to be programmed by security domain experts. For yet others a combination of both is needed. Therefore SPICES envisions the design of a CEP language the patterns of which can be generated both by a machine learning algorithms as well as by security domain experts. Moreover, in the face of false positives, the semantics of the patterns may need to be slightly adapted while the system is running. In case of large numbers of false positives we can even speak of “concept drift” which may require a “re-mining” of the generated patterns. Even when this is the case, shutting down the security monitoring for executing such a long lasting operation is not an option. Security process monitoring is a continuous online activity.

SPICES aims to do research that will result in a next-generation CEP framework that addresses on the one hand, offline, automatic mining of CEP patterns from historical data (such as log files or event logs generated by IoT devices, operating systems and application servers), and on the other high-throughput processing of expressive event patterns on commodity hardware. To obtain these goals, the project will combine the expertise of a data mining team, a software engineering and programming language design team and a database and query optimization team.

Projects Partners

Projects Sponsors