ESTABLISHMENT OF ALERTS BY MEANS OF THE DETECTION OF STATIC AND DYNAMIC ANOMALIES IN THE TRAFFIC OF A SERVICE ENTITY

摘要

The invention relates to the establishment of alerts using periodic evaluations of evaluation parameters relating to the traffic of at least one service entity (SE), static anomaly detectors (DDs) and dynamic anomaly detectors (DDd) in order to detect flooding-denial-type attacks, such as to produce a global alert including evaluation parameters and a current evaluation date when an alert level exceeds a minimum threshold. The global alerts of entities associated with the current evaluation date are aggregated into a current aggregated alert (AA). If the smallest similarity distance between the current aggregated alert and the alerts aggregated on evaluation dates close to the current date is lower than a similarity threshold, the identifiers of the aggregated alerts separated by the smallest distance are merged, thereby signalling a detected attack. Otherwise, an identifier is attributed to the current aggregated alert.