Name
Abstract | ||
|---|---|---|
This paper proposes a new approach to detecting aggregated anomalous events by correlating host file system changes across space and time. Our approach is based on a key observation that many host state transitions of interest have both temporal and spatial locality. Abnormal state changes, which may be hard to detect in isolation, become apparent when they are correlated with similar changes on other hosts. Based on this intuition, we have developed a method to detect similar, coincident changes to the patterns of file updates that are shared across multiple hosts. We have implemented this approach in a prototype system called Seurat and demonstrated its effectiveness using a combination of real workstation cluster traces, simulated attacks, and a manually launched Linux worm. |
Year | DOI | Venue |
|---|---|---|
2004 | 10.1007/978-3-540-30143-1_13 | Lecture Notes in Computer Science |
Keywords | Field | DocType |
anomaly detection,pointillism,correlation,file updates,clustering | Anomaly detection,File system,Locality,Pointillism,Computer science,Computer security,Workstation,Cluster analysis,Intrusion detection system,Coincident | Conference |
Volume | ISSN | Citations |
3224 | 0302-9743 | 23 |
PageRank | References | Authors |
1.94 | 22 | 5 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Yinglian Xie | 1 | 1140 | 76.73 |
| Hyangah Kim | 2 | 271 | 20.56 |
| David R. O'hallaron | 3 | 1243 | 126.28 |
| Michael K. Reiter | 4 | 8695 | 764.03 |
| Hui Zhang | 5 | 8856 | 1002.58 |