SECURITY SYSTEM AND SECURITY METHOD FOR A DATA NETWORK AND FOR TERMINAL DEVICES CONNECTED TO THE DATA NETWORK

Bibliographic details
First author: BRITSCH, Matthias
Format: Patent
Language: eng ; fre ; ger
Description
Abstract: The present invention refers to a security system for a data network and for terminal devices coupled to the data network, the network comprising a network topology of a plurality of network nodes which are interconnected with each other, the security system being built up hierarchically and implemented in the data network and comprising at least:
- at least one network edge node (110) of the data network which is configured to extract and/or to generate traffic profiles from data traffic within the data network;
- at least one first level analysis node (120) being connected to the at least one network edge node (110) and configured to receive the traffic profiles of the data traffic, to apply a learning algorithm to the traffic profiles, to store the learned traffic profiles locally and to forward at least some of the learned profiles which have become firmly established to at least one second level analysis node (130);
- the at least one second level analysis node (130) being connected to the at least one first level analysis node (120) and to at least one first logically centralized entity (140) and configured to receive the learned profiles from the at least one first level analysis node (120);
- the at least one first logically centralized entity (140) which is configured to store rules which assign certain traffic profiles to respective actions, respectively, and to distribute, when the at least one second level analysis node (130) receives with a preconfigured frequency one of the certain traffic profiles from the at least one first level analysis node, the respective rules to the at least one second level analysis node (130) which forwards the respective rules to the at least one first level analysis node (120) for triggering execution of at least one action assigned to the received one of the certain traffic profiles.