METHOD AND SYSTEM FOR DETECTING INTRUSION IN NETWORKS AND SYSTEMS BASED ON BUSINESS-PROCESS SPECIFICATION

摘要

The detection of intrusions or incidents in networks and systems is carried out with the support of Intrusion Detection Systems. The present invention falls within the field of network security, control systems and information systems and refers to a method and a system of IDS based on the specification of the business processes and business rules. Through various methods, the events in each system or network are used as indication of actions on the systems involved, and analyzed to determine if they correspond to the execution of the business process specified in advance, not corresponding an alarm is produced. The present invention significantly reduces the number of typical IDS false positives and has particular application in the protection of systems that participate in business processes that are completely specifiable. Noteworthy are the industrial systems and those used in critical infrastructures.