
Procedure for the Association of Heterogeneous Data Sources for Security of communication networks and associated System


Abstract

Procedure (100) for associating a first data source with a second data source. The first data source (4) is a table generated by a monitoring component (3) of a communication network (2); each row of the table corresponds to an event (e_i) in the network that meets a predefined alert rule. The second data source (6) is formed by a plurality of binary files (F_m); each file is generated by a probe (3) that analyzes the contents of packets intercepted in the network, and a file collects the data packets that belong to the same communication session in that network. The method comprises the steps of:

- providing a class, the "Warning" class, defined by a plurality of variables, a code-building function and an equality-checking function;
- for each event (e_i) of the first data source (4), instantiating an object (ALERT_i) of the class Alert and updating an arbitrary-choice table (14) by calculating the value of the code-building function for the instantiated object ALERT_i;
- for each file (F_m) of the second data source (6), analyzing the file to extract the possible values for the variables of the Warning class; using the code-building function and the equality-checking function of the Warning class to verify, by means of the arbitrary-choice table (14), whether the extracted values correspond to an instantiated Warning object; and, if so, associating an identifier of the file, in memory, with that instantiated Alert object.

The code-creating function of the Warning class is defined by: * * * * formula, where n is the number of bytes used to represent an object of the Warning class and sq is a weight that allows the fifth byte to be weighted.