METHOD OF DETECTING ANOMALOUS BEHAVIOUR IN A COMPUTER NETWORK

摘要

Method of detecting anomalous behaviour in a computer network comprising the steps of : monitoring network traffic flowing in a computer network system, authenticating users to which network packets of the network traffic are associated, extracting parameters associated to the network packets for each user, said parameters including at least the type (T) of network services, forming symbols based on a combination of one or more of said parameters, and modelling and analysing individual user behaviour based on sequences of occurrence of said symbols (S).