Detecting current attacks based on signature generation techniques in computerized environment

Bibliographic details
Main authors: PASCALY ARNAUD, BESSASSI SELIM, TEBA YURI, CARANDRIELLO GIUSEPPE
Format: Patent
Language: chi ; eng
Description
Summary: A method for detecting a current attack in a computerized environment is automatically performed by one or more computerized hosts (50) in the computerized environment. The method comprises generating a signature (22) specific to one type of activity in the computerized environment based on historical data (20, 21) of the activity, the signature (22) specifying an average normalized number of occurrences of the activity in each of a plurality of repeatedly occurring time frames. The method further includes determining a threshold for the activity based on historical data and statistical metrics for the activity. The method also includes monitoring current data of the activity in the computerized environment and generating an attack detection alert based on determining that the current data of the activity exceeds a threshold for the current time frame.