Title of invention |
Intrusion detection method and system |
Abstract |
<p>Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps:
creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploits one or several vulnerabilities;
creating assurance references corresponding to said defined preconditions and considering the targeted perimeter;
capturing data related to the targeted system;
comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match;
capturing assurance data from monitoring of the targeted perimeter;
comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match;
retrieving the preconditions of the generated security alert;
checking if assurance information corresponding to said preconditions has been retrieved;
generating a verified security alarm when the generated security alert and its retrieved preconditions match with at least one corresponding assurance information;
filtering said security alert when no match has been found between its retrieved preconditions and at least one corresponding assurance information;
emitting a non-verified security alert when no preconditions have been retrieved for this alert and/or no assurance reference corresponding to said preconditions has been defined.</p> |
Publication number |
EP2040435(B1) |
Publication date |
2013.11.06 |
Application number |
EP20070291115 |
Filing date |
2007.09.19 |
Applicant |
ALCATEL LUCENT |
Inventors |
SINNAYA, ANULA;MARTIN, ANTONY;DUBUS, SAMUEL;CLEVY, LAURENT |
Classification |
H04L29/06 |
Main classification |
H04L29/06 |
Agency |
|
Agent |
|
Principal claim |
|
Address |
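The three alert outcomes named in the abstract (verified, filtered, non-verified) can be sketched as follows. This is an added example, not code from the patent or its applicant; the signature ids, property names, hosts and the data model are constructed assumptions, including the choice to check only those preconditions that have an assurance reference.

```python
from typing import NamedTuple

class Precondition(NamedTuple):
    prop: str   # monitored property of the targeted system (hypothetical name)
    state: str  # state in which the attack can succeed

def assurance_information(assurance_data, references):
    """Keep monitored (host, prop, state) facts that match an assurance reference."""
    return {(host, Precondition(prop, state))
            for host, prop, state in assurance_data
            if Precondition(prop, state) in references}

def triage(alert, preconditions, references, info):
    """Return 'verified', 'filtered' or 'non_verified' for one security alert."""
    retrieved = preconditions.get(alert["signature"], [])
    checkable = [p for p in retrieved if p in references]
    if not checkable:
        # No preconditions retrieved, or no assurance reference defined for them.
        return "non_verified"
    if any((alert["target"], p) in info for p in checkable):
        return "verified"   # monitoring confirms a precondition on the target
    return "filtered"       # preconditions known, but not met on the target

# Constructed sample data (assumptions, not taken from the patent).
PRECONDITIONS = {
    "SIG-WEB-01": [Precondition("http_server", "unpatched")],
    "SIG-DB-02": [Precondition("db_port", "open")],
    "SIG-SSH-03": [Precondition("ssh_auth", "password")],
}
REFERENCES = {Precondition("http_server", "unpatched"),
              Precondition("db_port", "open")}
ASSURANCE_DATA = [("192.0.2.5", "http_server", "unpatched"),
                  ("192.0.2.5", "db_port", "closed"),
                  ("192.0.2.6", "db_port", "open")]
ALERTS = [{"signature": "SIG-WEB-01", "target": "192.0.2.5"},
          {"signature": "SIG-DB-02", "target": "192.0.2.5"},
          {"signature": "SIG-DB-02", "target": "192.0.2.6"},
          {"signature": "SIG-SSH-03", "target": "192.0.2.5"},
          {"signature": "SIG-UNKNOWN", "target": "192.0.2.5"}]

def run_demo():
    info = assurance_information(ASSURANCE_DATA, REFERENCES)
    return [triage(a, PRECONDITIONS, REFERENCES, info) for a in ALERTS]

if __name__ == "__main__":
    for alert, verdict in zip(ALERTS, run_demo()):
        print(alert["signature"], alert["target"], verdict)
```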
|