摘要 |
A method for detecting an attack in a computer network having a plurality of computers includes: receiving a plurality of warning messages from the computers, the warning messages being based on different types of anomalies in the computer network; comparing a number of warning messages from the plurality of received warning messages with a predetermined event threshold, the number of warning messages being based on a single type of anomaly in the computer network; and outputting an alarm signal if the number of warning messages based on the same type of anomaly in the computer network falls below the event threshold. |