ATTRIBUTE-BASED POLICIES FOR INTEGRITY MONITORING AND NETWORK INTRUSION DETECTION
Format: | Patent |
---|---|
Language: | eng ; fre ; ger |
Summary: | A method of detecting anomalous behaviour in data traffic includes parsing data traffic to extract protocol field values of a protocol message of data traffic, and deriving attribute values of attributes of one of the first host, the second host, and the link. The method includes selecting a model relating to the one of the first host, the second host, and the link. The model includes at least one semantic attribute expressing a semantic meaning for the first host, the second host, or the link. The method further includes updating the selected model with the derived attribute values, assessing whether the updated model complies with a set of attribute-based policies defining a security constraint of the data communication network, and generating an alert signal in case the attribute-based policies indicate that the updated model violates at least one of the attribute-based policies. |
---|