Security incident detecting method for use in telecommunication network e.g. enterprise Intranet, involves constructing directed graph, identifying connection component in directed graph, and determining incident indicator

摘要

The method involves constructing a directed graph (GO) comprising directed arcs connecting a source address (AS) to a destination address (AD) of a determined request flow (REQ). A connection component (CC) is identified in the directed graph, where the component comprises a root address and the destination addresses connected to the root address through a set of directed arcs. An incident indicator is determined based on the destination addresses of the identified connection component. A security incident is signaled if the incident indicator is greater than a selected threshold. Independent claims are also included for the following: (1) a device for detecting a security incident in a telecommunication network (2) a computer program for implementing a device for detecting a security incident in a telecommunication network (3) a recording medium readable by a security incident detecting device and recording a computer program for detecting a security incident in a telecommunication network.