{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T08:09:44Z","timestamp":1769069384090,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540231233","type":"print"},{"value":"9783540301431","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_13","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T23:59:24Z","timestamp":1284854364000},"page":"238-257","source":"Crossref","is-referenced-by-count":16,"title":["Seurat: A Pointillist Approach to Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Yinglian","family":"Xie","sequence":"first","affiliation":[]},{"given":"Hyang-Ah","family":"Kim","sequence":"additional","affiliation":[]},{"given":"David R.","family":"O\u2019Hallaron","sequence":"additional","affiliation":[]},{"given":"Michael K.","family":"Reiter","sequence":"additional","affiliation":[]},{"given":"Hui","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"Porras, P.A., Neumann, P.G.: EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In: Proceedings of the 20th National Information Systems Security Conference (1997)"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Abad, C., Taylor, J., Sengul, C., Zhou, Y., Yurcik, W., Rowe, K.: Log Correlation for Intrusion Detection: A Proof of Concept. In: Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, Nevada, USA (2003)","DOI":"10.1109\/CSAC.2003.1254330"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Toth, T., Kerer, C.: Decentralized Event Correlation for Intrusion Detection. In: International Conference on Information Security and Cryptology, ICISC (2001)","DOI":"10.1007\/3-540-45861-1_10"},{"key":"13_CR4","unstructured":"Tripwire, Inc.: Tripwire, http:\/\/www.tripwire.com"},{"key":"13_CR5","unstructured":"CERT Coordination Center: Overview of Attack Trends, http:\/\/www.cert.org\/archive\/pdf\/attack_trends.pdf (2002)"},{"key":"13_CR6","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSECP.2003.1219056","volume":"1","author":"D. Moore","year":"2003","unstructured":"Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer Worm. IEEE Security and Privacy\u00a01, 33\u201339 (2003)","journal-title":"IEEE Security and Privacy"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Pennington, A., Strunk, J., Griffin, J., Soules, C., Goodson, G., Ganger, G.: Storage-based intrusion detection: Watching storage activity for suspicious behavior. In: Proceedings of 12th USENIX Security Symposium, Washington, DC (2003)","DOI":"10.21236\/ADA461142"},{"key":"13_CR8","unstructured":"Lehti, R., Virolainen, P.: AIDE - Advanced Intrusion Detection Environment, http:\/\/www.cs.tut.fi\/~rammer\/aide.html"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Berry, M.W., Drmac, Z., Jessup, E.R.: Matrices, vector spaces, and information retrieval. SIAM Review\u00a041 (1999)","DOI":"10.1137\/S0036144598347035"},{"key":"13_CR10","volume-title":"Data mining: Concepts and techniques","author":"M. Kamber","year":"2000","unstructured":"Kamber, M.: Data mining: Concepts and techniques. Morgan Kaufmann Publishers, San Francisco (2000)"},{"key":"13_CR11","unstructured":"Zhang, J., Tsui, F., Wagner, M.M., Hogan, W.R.: Detection of Outbreaks from Time Series Data Using Wavelet Transform. In: AMIA Fall Symp., pp. 748\u2013752. Omni Press CD (2003)"},{"key":"13_CR12","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-1904-8","volume-title":"Principle component analysis","author":"I.T. Jolliffe","year":"1986","unstructured":"Jolliffe, I.T.: Principle component analysis. Springer, New York (1986)"},{"key":"13_CR13","unstructured":"Forgy, E.: Cluster analysis of multivariante data: Efficiency vs. Interpretability of classifications. Biometrics\u00a021 (1965)"},{"key":"13_CR14","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4615-3626-0","volume-title":"Vector Quantization and Signal Compresssion","author":"A. Gersho","year":"1992","unstructured":"Gersho, A., Gray, R.: Vector Quantization and Signal Compresssion. Kluwer Academic Publishers, Dordrecht (1992)"},{"key":"13_CR15","unstructured":"Moore, A.: K-means and Hierarchical Clustering, http:\/\/www.cs.cmu.edu\/~awm\/tutorials\/kmeans09.pdf (available upon request) (2001)"},{"key":"13_CR16","unstructured":"Symantec: Symantec Security Response, http:\/\/securityresponse.symantec.com"},{"key":"13_CR17","unstructured":"F-Secure: F-Secure Security Information Center, http:\/\/www.f-secure.com\/virus-info"},{"key":"13_CR18","unstructured":"Whitehats, Inc.: Whitehats Network Security Resource, http:\/\/www.whitehats.com"},{"key":"13_CR19","unstructured":"PacketStorm: Packet Storm, http:\/\/www.packetstormsecurity.org"},{"key":"13_CR20","unstructured":"SANS Institute: Lion Worm, http:\/\/www.sans.org\/y2k\/lion.htm (2001)"},{"key":"13_CR21","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Mimicry Attacks on Host-Based Intrusion Detection Systems. In: Proceedings of ACMConference on Computer and Communications Security, CCS (2002)","DOI":"10.1145\/586110.586145"},{"key":"13_CR22","unstructured":"Trusted Computing Platform Alliance: Trusted Computing Platform Alliance, http:\/\/www.trustedcomputing.org"},{"key":"13_CR23","unstructured":"Schneier, B., Kelsey, J.: Cryptographic Support for Secure Logs on Untrusted Machines. In: The Seventh USENIX Security Symposium (1998)"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Balasubramaniyan, J.S., Garcia-Fernandez, J.O., Isacoff, D., Spafford, E., Zamboni, D.: An architecture for intrusion detection using autonomous agents. In: Proceedings of the 14th IEEE Computer Security Applications Conference (1998)","DOI":"10.1109\/CSAC.1998.738563"},{"key":"13_CR25","unstructured":"Xie, Y., O\u2019Hallaron, D.R., Reiter, M.K.: A Secure Distributed Search System. In: Proceedings of the 11th IEEE International Symposium on High Performance Distributed Computing (2002)"},{"key":"13_CR26","unstructured":"Planetlab: PlanetLab, http:\/\/www.planet-lab.org"},{"key":"13_CR27","unstructured":"Samhain Labs: Samhain, http:\/\/la-samhna.de\/samhain"},{"key":"13_CR28","unstructured":"Pedestal Software: INTACTTM, http:\/\/www.pedestalsoftware.com\/products\/intact"},{"key":"13_CR29","unstructured":"Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Rowe, J., Staniford- Chen, S., Yip, R., Zerkle, D.: The Design of GrIDS: A Graph-Based Intrusion Detection System. Technical Report CSE-99-2, U.C. Davis Computer Science Department (1999)"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"White, G., Fisch, E., Pooch, U.: Cooperating security managers: A peer-based intrusion detection system. IEEE Network\u00a010 (1994)","DOI":"10.1109\/65.484228"},{"key":"13_CR31","unstructured":"Snapp, S.R., Smaha, S.E., Teal, D.M., Grance, T.: The DIDS (distributed intrusion detection system) prototype. In: The Summer USENIX Conference, San Antonio, Texas, USENIX Association, pp. 227\u2013233 (1992)"},{"key":"13_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/3-540-45474-8_4","volume-title":"Recent Advances in Intrusion Detection","author":"A. Valdes","year":"2001","unstructured":"Valdes, A., Skinner, K.: Probabilistic alert correlation. In: Lee, W., M\u00e9, L., Wespi, A. (eds.) RAID 2001. LNCS, vol.\u00a02212, p. 54. Springer, Heidelberg (2001)"},{"key":"13_CR33","unstructured":"Andersson, D., Fong, M., Valdes, A.: Heterogeneous Sensor Correlation: A Case Study of Live Traffic Analysis. Presented at IEEE Information Assurance Workshop (2002)"},{"key":"13_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36084-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"P. Ning","year":"2002","unstructured":"Ning, P., Cui, Y., Reeves, D.S.: Analyzing Intensive Intrusion Alerts Via Correlation. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, Springer, Heidelberg (2002)"},{"key":"13_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/978-3-540-30183-7_18","volume-title":"Peer-to-Peer Systems III","author":"H.J. Wang","year":"2005","unstructured":"Wang, H.J., Hu, Y.-C., Yuan, C., Zhang, Z., Wang, Y.-M.: Friends troubleshooting network: Towards privacy-preserving, automatic troubleshooting. In: Voelker, G.M., Shenker, S. (eds.) IPTPS 2004. LNCS, vol.\u00a03279, pp. 184\u2013194. Springer, Heidelberg (2005)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_13.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T22:37:12Z","timestamp":1740523032000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2004]]}}}