Seurat: A pointillist approach to anomaly detection

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3224, Issue , 2004, Pages 238-257

  Xie, Yinglian ^a   Kim, Hyang Ah ^a   O'Hallaron, David R ^a,b   Reiter, Michael K ^a,b   Zhang, Hui ^a,b  

^a Department of Computer Science ^*

^b CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Anomaly detection; Clustering; Correlation; File updates; Pointillism

Indexed keywords

COMPUTER OPERATING SYSTEMS; CORRELATION METHODS; SIGNAL DETECTION;

ANOMALY DETECTION; CLUSTERING; FILE UPDATES; POINTILLISM; SIMULATED ATTACKS; STATE TRANSITIONS; TEMPORAL AND SPATIAL; WORKSTATION CLUSTERS;

INTRUSION DETECTION;

EID: 33745655877     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30143-1_13     Document Type: Article

References (35)

1. Porras, P.A., Neumann, P.C.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: Proceedings of the 20th National Information Systems Security Conference. (1997)
2. Abad, C., Taylor, J., Sengul, C., Zhou, Y., Yurcik, W., Rowe, K.: Log Correlation for Intrusion Detection: A Proof of Concept. In: Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, Nevada, USA (2003)
3. Kruegel, C., Toth, T., Kerer, C.: Decentralized Event Correlation for Intrusion Detection. In: International Conference on Information Security and Cryptology (ICISC). (2001)
4. Tripwire, Inc.: Tripwire, (http: //www.tripwire.com)
5. CERT Coordination Center: Overview of Attack Trends, http://www.cert.org/ archive/pdf/attack_trends.pdf(2002)
6. Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer Worm. IEEE Security and Privacy 1 (2003) 33-39
7. Pennington, A., Strunk, J., Griffin, J., Soules, C., Goodson, G., Ganger, G.: Storage-based intrusion detection: Watching storage activity for suspicious behavior. In: Proceedings of 12th USENIX Security Symposium, Washington, DC (2003)
8. Lehti, R., Virolainen, P.: AIDE - Advanced Intrusion Detection Environment, (http: // www.cs.tut.fi/~rammer/aide.html)
9. Berry, M.W., Drmac, Z., Jessup, E.R.: Matrices, vector spaces, and information retrieval. SIAM Review 41 (1999)
10. Kamber, M.: Data mining: Concepts and techniques. Morgan Kaufmann Publishers (2000)
11. Zhang, J., Tsui, F., Wagner, M.M., Hogan, W.R.: Detection of Outbreaks from Time Series Data Using Wavelet Transform. In: AMIA Fall Symp., Omni Press CD (2003) 748-752
12. Jolliffe, I.T.: Principle component analysis. Spring-Verlag, New York (1986)
13. Forgy, E.: Cluster analysis of multivariante data: Efficiency vs. Interpretability of classifications. Biometrics 21 (1965)
14. Gersho, A., Gray, R.: Vector Quantization and Signal Compresssion. Kluwer Academic Publishers (1992)
15. Moore, A.: K-means and Hierarchical Clustering, http://www.cs.cmu.edu/ ~awm/ tutorials/kmeans09.pdf (available upon request) (2001)
16. Symantec: Symantec Security Response, (http: //securityresponse.symantec. com)
17. F-Secure: F-Secure Security Information Center, (http://www.f-secure.com/ virus-info)
18. Whitehats, Inc.: Whitehats Network Security Resource, (http://www.whitehats. com)
19. PacketStorm: Packet Storm, (http: //www.packetstormsecurity.org)
20. SANS Institute: Lion Worm, http: //www.sans.org/y2k/lion.htm(2001)
21. Wagner, D., Dean, D.: Mimicry Attacks on Host-Based Intrusion Detection Systems. In: Proceedings of ACM Conference on Computer and Communications Security (CCS). (2002)
22. Trusted Computing Platform Alliance: Trusted Computing Platform Alliance, (http:// www.trustedcomputing.org)
23. Schneier, B., Kelsey, J.: Cryptographic Support for Secure Logs on Untrusted Machines. In: The Seventh USENIX Security Symposium. (1998)
24. Balasubramaniyan, J.S., Garcia-Fernandez, J.O., Isacoff, D., Spafford, E., Zamboni, D.: An architecture for intrusion detection using autonomous agents. In: Proceedings of the 14th IEEE Computer Security Applications Conference. (1998)
25. Xie, Y., O'Hallaron, D.R., Reiter, M.K.: A Secure Distributed Search System. In: Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing. (2002)
26. Planetlab: PlanetLab. (http: //www.planet-lab.org)
27. Samhain Labs: Samhain. (http://la-samhna.de/samhain)
28. Pedestal Software: INTACT™. (http://www.pedestalsoftware.com/ products/intact)
29. Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Rowe, J., Staniford-Chen, S., Yip, R., Zerkle, D.: The Design of GrIDS: A Graph-Based Intrusion Detection System. Technical Report CSE-99-2, U.C. Davis Computer Science Department (1999)
30. White, G., Fisch, E., Pooch, U.: Cooperating security managers: A peer-based intrusion detection system. IEEE Network 10 (1994)
31. Snapp, S.R., Smaha, S.E., Teal, D.M., Grance, T.: The DIDS (distributed intrusion detection system) prototype. In: the Summer USENIX Conference, San Antonio, Texas, USENIX Association (1992) 227-233
32. Valdes, A., Skinner, K.: Probabilistic Alert Correlation. In: Recent Advances in Intrusion Detection, Volume 2212 of Lecture Notes in Computer Science, Springer-Verlag (2001)
33. Andersson, D., Fong, M., Valdes, A.: Heterogeneous Sensor Correlation: A Case Study of Live Traffic Analysis. Presented at IEEE Information Assurance Workshop (2002)
34. Ning, P., Cui, Y., Reeves, D.S.: Analyzing Intensive Intrusion Alerts Via Correlation. In: Recent Advances in Intrusion Detection, Volume 2516 of Lecture Notes in Computer Science, Springer-Verlag (2002)
35. Wang, H., Hu, Y., Yuan, C., Zhang, Z.: Friends Troubleshooting Network: Towards Privacy-Preserving, Automatic Troubleshooting. In: Proceedings of the 3rd International Workshop on Peer-to-Peer Systems (IPTPS). (2004)