Method of detecting anomalous behaviour in a computer network

Method of detecting anomalous behaviour in a computer network comprising the steps of - monitoring network traffic flowing in a computer network system, - authenticating users to which network packets of the network traffic are associated, - extracting parameters associated to the network packets for each user, said parameters including at least the type (T) of network services, - forming symbols based on a combination of one or more of said parameters, and - modelling and analysing individual user behaviour based on sequences of occurrence of said symbols (S).


Year:
2005
Other identifiers:
TTO: 6.0466
EPO Family ID: 34932063
Laboratories:




 Record created 2015-09-22, last modified 2018-03-18


Rate this document:

Rate this document:
1
2
3
 
(Not yet reviewed)