首页>
外国专利>
METHOD AND SYSTEM FOR DETECTING INTRUSION IN NETWORKS AND SYSTEMS BASED ON BUSINESS-PROCESS SPECIFICATION
METHOD AND SYSTEM FOR DETECTING INTRUSION IN NETWORKS AND SYSTEMS BASED ON BUSINESS-PROCESS SPECIFICATION
展开▼
机译:基于业务过程规范的网络入侵检测方法和系统
展开▼
页面导航
摘要
著录项
相似文献
摘要
Intrusions and incidents on networks and systems are detected using intrusion detection systems. The present invention relates to the field of security in communication networks, control systems and information systems and concerns an intrusion detection system and method based on the specification of business processes and business rules. Different methods are implemented to use events in each system or network as indicators of actions on the systems involved, and these are analyzed to determine whether they correspond to a previously specified business process being run, an alarm being triggered if they do not. The present invention considerably reduces the number of false positives typical in intrusion detection systems, and are particularly useful for protecting systems involved in business processes that can be fully specified, notably industrial systems and systems used in critical infrastructure.
展开▼