METHOD FOR DETECTING AN ATTACK BY A THREAT IN AN OPERATING SYSTEM

Bibliographic details
Main authors: DREO, Johann, LAUDY, Claire, FOSSIER, Simon
Format: Patent
Language: eng ; fre ; ger
Description
Summary: The invention relates to a method for detecting an attack by a threat in an operating system (10).
Prior to the system (10) being in use, the method comprises the following steps:
- simulating a set of possible attack sequences from the threat;
- processing the set of attack sequences to obtain a set of semantic graphs representing the set of attack sequences;
while the system (10) is in use, the method comprises the following steps:
- measuring the presence of a suspicious element present in the operating system (10) by means of a presence sensor (30);
- comparing the measurements with the set of semantic graphs and determining a level of correlation between the measurements and each of the semantic graphs;
- issuing an alert when at least one of the determined levels of correlation is higher than a predetermined alert threshold.