The method involves characterizing packets of a sample by respective vectors whose components correspond to variables calculated from fields of the packets, where the fields are chosen from fields of a packet header. An axis representing a dispersion of the packets of the sample is determined from the vectors characterizing the packets by applying a principal component analysis method. A region of an axis representing attack packets is identified, where the region represents discrimination criteria of the attack packets and legitimate packets. Independent claims are also included for the following: (1) a method for discriminating attack packets and legitimate packets belonging to a stream of packets (2) a device for establishing a discrimination criteria of attack packets and legitimate packets belonging to a stream of packets (3) a device for discriminating attack packets and legitimate packets belonging to a stream of packets (4) a computer program comprising code portions for executing a discrimination criteria establishing method (5) a data storage unit comprising software program code instructions for executing a discrimination criteria establishing method (6) a computer program comprising code portions for executing an attack packet and legitimate packet discriminating method (7) a data storage unit comprising software program code instructions for executing an attack packet and legitimate packet discriminating method.
展开▼
