Seurat: A pointillist approach to anomaly detection

Publication, Journal Article
Xie, Y; Kim, HA; O'Hallaron, DR; Reiter, MK; Zhang, H
Published in: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
January 1, 2004

This paper proposes a new approach to detecting aggregated anomalous events by correlating host file system changes across space and time. Our approach is based on a key observation that many host state transitions of interest have both temporal and spatial locality. Abnormal state changes, which may be hard to detect in isolation, become apparent when they are correlated with similar changes on other hosts. Based on this intuition, we have developed a method to detect similar, coincident changes to the patterns of file updates that are shared across multiple hosts. We have implemented this approach in a prototype system called Seurat and demonstrated its effectiveness using a combination of real workstation cluster traces, simulated attacks, and a manually launched Linux worm. © Springer-Verlag 2004.

Published In

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

DOI

EISSN

1611-3349

ISSN

0302-9743

Publication Date

January 1, 2004

Volume

3224

Start / End Page

238 / 257

Related Subject Headings

  • Artificial Intelligence & Image Processing
  • 46 Information and computing sciences
 

Citation

APA: Xie, Y., Kim, H. A., O’Hallaron, D. R., Reiter, M. K., & Zhang, H. (2004). Seurat: A pointillist approach to anomaly detection. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3224, 238–257. https://doi.org/10.1007/978-3-540-30143-1_13

Chicago: Xie, Y., H. A. Kim, D. R. O’Hallaron, M. K. Reiter, and H. Zhang. “Seurat: A pointillist approach to anomaly detection.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 3224 (January 1, 2004): 238–57. https://doi.org/10.1007/978-3-540-30143-1_13.

ICMJE: Xie Y, Kim HA, O’Hallaron DR, Reiter MK, Zhang H. Seurat: A pointillist approach to anomaly detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2004 Jan 1;3224:238–57.

MLA: Xie, Y., et al. “Seurat: A pointillist approach to anomaly detection.” Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3224, Jan. 2004, pp. 238–57. Scopus, doi:10.1007/978-3-540-30143-1_13.

NLM: Xie Y, Kim HA, O’Hallaron DR, Reiter MK, Zhang H. Seurat: A pointillist approach to anomaly detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). 2004 Jan 1;3224:238–257.
