Abstract
The invention relates to a system and a method of suppressing false alarms among alarms issued by intrusion detection sensors (13a, 13b, 13c) of a protected information system (1) including entities (9, 11a, 11b) generating attacks associated with the alarms and an alarm management system (15), the method comprising the following steps: using a false alarm suppression module (23) to define qualitative relationships between the entities (9, 11a, 11b) and a set of profiles; using the false alarm suppression module (23) to define nominative relationships between the set of profiles and a set of names of attacks which that set of profiles is recognized as generating; and using the false alarm suppression module (23) to qualify a given alarm as a false alarm if the entity (9, 11a, 11b) implicated in the given alarm has a profile recognized as generating the attack associated with that given alarm.
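The three steps of the method, sketched as an added Python example (not code from the patent): two relations are composed to decide whether an alarm is qualified as a false alarm. The entity addresses, profile names, attack names and sensor labels are constructed, and treating the alarm's source as the implicated entity is an assumption.

```python
from dataclasses import dataclass

# Qualitative relationships: entity -> profiles (constructed sample data).
ENTITY_PROFILES = {
    "10.0.0.5": {"vuln_scanner"},
    "10.0.0.8": {"web_proxy", "dns_resolver"},
}

# Nominative relationships: profile -> names of attacks that profile is
# recognized as generating (constructed sample data).
PROFILE_ATTACKS = {
    "vuln_scanner": {"PORT_SCAN", "HTTP_DIR_TRAVERSAL_PROBE"},
    "web_proxy": {"HTTP_FLOOD"},
    "dns_resolver": {"DNS_QUERY_BURST"},
}

@dataclass(frozen=True)
class Alarm:
    sensor: str
    attack: str
    entity: str  # implicated entity; assumed here to be the alarm's source

def matching_profiles(alarm, entity_profiles=ENTITY_PROFILES,
                      profile_attacks=PROFILE_ATTACKS):
    """Profiles of the implicated entity recognized as generating this attack."""
    profiles = entity_profiles.get(alarm.entity, set())  # unknown entity: none
    return sorted(p for p in profiles
                  if alarm.attack in profile_attacks.get(p, set()))

def qualify(alarms):
    """Tag each alarm instead of dropping it, so the alarm management
    system still receives every alarm along with the reason for the tag."""
    results = []
    for alarm in alarms:
        hits = matching_profiles(alarm)
        results.append((alarm, "false_alarm" if hits else "alarm", hits))
    return results

# Constructed alarms covering the edge cases: known entity with a matching
# profile, known entity without one, multi-profile entity, unknown entity.
SAMPLE_ALARMS = [
    Alarm("sensor-a", "PORT_SCAN", "10.0.0.5"),
    Alarm("sensor-b", "HTTP_FLOOD", "10.0.0.5"),
    Alarm("sensor-b", "DNS_QUERY_BURST", "10.0.0.8"),
    Alarm("sensor-c", "PORT_SCAN", "192.0.2.44"),
]

if __name__ == "__main__":
    for alarm, verdict, hits in qualify(SAMPLE_ALARMS):
        print(alarm.sensor, alarm.attack, alarm.entity, verdict, hits)
```

The second alarm stays a real alarm even though its source is a known entity, because the match is on the pair of profile and attack name, not on the entity alone.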