METHOD FOR AUTOMATICALLY CONSTRUCTING COMPUTER ATTACK SCENARIOS, COMPUTER PROGRAM PRODUCT AND ASSOCIATED CONSTRUCTION SYSTEM

摘要

This method comprises a preliminary step (101) of acquiring a first dataset comprising a plurality of generic scenarios, a second dataset comprising a plurality of events occurring in the target environment and a third dataset comprising a plurality of alerts. The method further comprises a first step (110) of determining a generic scenario, termed the partial generic scenario, and an alert such that the elementary attack causing this alert corresponds to one or more actions of the partial generic scenario, a second step (120) of determining a plurality of anomalies, each anomaly corresponding to an abnormal event, and a third step (130) of associating, with at least one of the observable variables of the partial generic scenario, the observable value or one of the observable values of one of the determined anomalies.