Abstract:
Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps: creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploits one or several vulnerabilities; creating assurance references corresponding to said defined preconditions and considering the targeted perimeter; capturing data related to the targeted system; comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match; capturing assurance data from monitoring of the targeted perimeter; comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match; retrieving the preconditions of the generated security alert; checking if assurance information corresponding to said preconditions has been retrieved; generating a verified security alarm when the generated security alert and its retrieved preconditions match with at least one corresponding assurance information; filtering said security alert when no match has been found between its retrieved preconditions and at least one corresponding assurance information; emitting a non-verified security alert when no preconditions have been retrieved for this alert and/or no assurance reference corresponding to said preconditions has been defined.
Abstract:
A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non-verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.
Abstract:
An exemplary technique is provided for detecting a hijacking of computer resources, located in an internal network implementing security criteria and confidentiality criteria specific to the internal network, connected to an external network with no security criteria and confidentiality criteria, through a connection managed by a service provider. The technique includes storing, at the internal network, a connection parameter implemented by the computer resources to communicate with the external network; processing, at the internal network, the stored connection parameter based on an irreversible function to generate a unique code that corresponds to the stored connection parameter but which does not allow the identification of the stored connection parameter from the corresponding generated unique code; and sending, at the internal network, the generated unique code to a server located on the external network so that the server can analyze an activity of the computer resources from the unique code and detect any hijacking of the computer resources.
Abstract:
Method for classification of traffic on telecommunications networks, said method including a stage for the capture of traffic and a stage for detailed packet analysis, said method also including a stage for the statistical classification of traffic using a statistically-generated decision tree.
Abstract:
The present invention provides a method for detecting the hijacking of computer resources, located on an internal network implementing security and confidentiality criteria specific to this internal network, connected to an external network with no such security and confidentiality criteria, through a connection managed by a service provider, comprising: storing a connection parameter implemented by the computer resources to communicate with the external network; processing the stored parameter based on an irreversible function to generate a unique code that corresponds to said stored parameter but which does not allow the identification of said parameter from the corresponding generated code; and sending said generated code to a server located on the external network so that the server can analyze the activity of the computer resources from said unique code to detect any hijacking of the computer resources.
Abstract:
To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC1), a control server (SC) capable of communicating with the publication server (SP) and the terminal provides the latter with an application (App) that is downloaded and implemented on the terminal. The application makes it possible to define the control parameters (ParC) associated with the digital content, said parameters comprising a period of validity for the content and a list of web sites authorised to publish the digital content, generate a key (Kc) associated with the digital content, encrypt the digital content with said key, and store the control parameters (ParC), the generated key (Kc), and the encrypted digital content in various databases. The application then generates a reference (Ref) associated with the digital content and requires the publication of the reference by the publication server in place of the digital content.
Abstract:
A communication equipment for an Internet Protocol communication network including a set of interfaces each connected to one or more other communication equipments and having means for receiving an address prefix from a first other communication equipment. It further includes allocation means for allocating to at least a portion of the other communication equipments to which the first other equipment does not belong a sub-prefix formed of the address prefix concatenated with an individual identifier whose length depends on the total number of other communication equipments.
Abstract:
Example embodiments disclose a prefix assignment device for use in network equipments of an Internet Protocol communication network, the device including a processing module. The processing module of the prefix assignment device may determine a node Nj associated with an unassigned prefix Pj of length L(Pj) equal to L(Rk)−m. The processing module may also assign prefix Pj to the network equipment Rk if m is equal to 0 and/or perform successive m loops if m is greater than 0. The module may select one of the two prefixes with lengths equal to L(Rk) for assignment to the network equipment Rk.
Abstract:
A security-procuring method for making an item of communications equipment (E) secure, said item of communications equipment comprising an operating system core (K) and a set of software applications (A), said core including at least one IPv6 protocol stack (PS) making it possible to transmit incoming data packets from an input port (PIN) to an application (A) and to transmit outgoing data packets from an application (A) to an output port (POUT), said protocol stacks including a set of interfaces (HPRE, HIN, HOUT, HPOST) organized to enable external modules connected to them to access said data packets transmitted by said at least one protocol stack at determined points associated with said interfaces. Said method is characterized in that an input module (MIN) and an output module (MOUT) are connected respectively to an input interface (HIN) and to an output interface (HOUT) of said core (K), and in that said modules select, analyze, and, if necessary, modify the data packets of the Network Discovery Protocol (NDP), in compliance with the Secure Neighbor Discovery (SEND) mechanism.
Abstract:
A device (D) is dedicated to controlling the transfer of units of connection time for a communication network (N1) having accounting and/or billing equipment (ABE1). This device (D) includes processing means (PM) that, when they receive a request to transfer a chosen quantity of units of connection time to a beneficiary account associated with the communication identifier of a first communication terminal (BT) connected to a communication network (N1), are responsible for accessing a first set of accounting and/or billing equipment (ABE1) managing the account of a donor associated with the communication identifier of a second communication terminal (DT) connected to the communication network (R1), to verify whether the quantity of units of connection time that the donor's terminal (DT) has is at least equal to the chosen quantity, and if so, to order the first set of equipment (ABE1), which also manages the beneficiary's account, to transfer in real time a quantity of units of connection time at most equal to the quantity chosen from the donor's account to the beneficiary's account.