Seurat: A Pointillist Approach to Anomaly Detection

Authors: Yinglian Xie, Hyang-Ah Kim, David R. O'Hallaron, Michael K. Reiter, Hui Zhang

DOI: 10.1007/978-3-540-30143-1_13

Keywords:

Abstract: This paper proposes a new approach to detecting aggregated anomalous events by correlating host file system changes across space and time. Our approach is based on the key observation that many state transitions of interest have both temporal and spatial locality. Abnormal changes, which may be hard to detect in isolation, become apparent when they are correlated with similar changes on other hosts. Based on this intuition, we developed a method to detect similar, coincident changes to the patterns of updates shared across multiple hosts. We implemented a prototype called Seurat and demonstrated its effectiveness using a combination of real workstation cluster traces, simulated attacks, and a manually launched Linux worm.
