SUPPRESSION OF FALSE ALARMS IN ALARMS ARISING FROM INTRUSION DETECTION PROBES IN A MONITORED INFORMATION SYSTEM
Abstract
The invention relates to a system and method for the suppression of false alarms among the alarms arising from intrusion detection probes (13a, 13b, 13c) in a monitored information system (1) comprising entities (9, 11a, 11b) producing attacks associated with said alarms and a system for the management of alarms (15), comprising the following steps: definition, by means of a false alarm suppression module (23), of qualitative relations between the entities (9, 11a, 11b) and a set of profiles; definition, by means of the false alarm suppression module (23), of nominative relations between the set of profiles and a set of names of attacks that the set of profiles is reputed to produce; qualification, by means of the false alarm suppression module (23), of a given alarm as a false alarm if the entity (9, 11a, 11b) involved in the given alarm has a profile which is reputed to produce the attack associated with said given alert.
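The three steps of the abstract, sketched as an added example (not code from the patent): the two relations are plain mappings, and an alarm is qualified as false only when a profile held by the involved entity is reputed to produce the named attack. All entity addresses, profile names, attack names and probe labels below are constructed assumptions.

```python
from dataclasses import dataclass

# Qualitative relations: entity -> profiles it holds (constructed sample data).
ENTITY_PROFILES = {
    "10.0.5.20": {"vulnerability_scanner"},
    "10.0.5.30": {"network_management_station", "backup_server"},
    "10.0.9.77": {"workstation"},
}

# Nominative relations: profile -> attack names it is reputed to produce.
PROFILE_ATTACKS = {
    "vulnerability_scanner": {"tcp_port_scan", "http_dir_traversal_probe"},
    "network_management_station": {"snmp_sweep", "icmp_sweep"},
    "backup_server": set(),
    "workstation": set(),
}

@dataclass(frozen=True)
class Alarm:
    probe: str    # probe that raised the alarm
    entity: str   # entity involved in the alarm
    attack: str   # attack name associated with the alarm

def explaining_profiles(alarm):
    """Profiles of the involved entity that are reputed to produce the attack."""
    profiles = ENTITY_PROFILES.get(alarm.entity, set())  # unknown entity: none
    return sorted(p for p in profiles
                  if alarm.attack in PROFILE_ATTACKS.get(p, set()))

def qualify(alarm):
    """Return ("false_alarm", profiles) or ("alarm", []); reason kept for audit."""
    matched = explaining_profiles(alarm)
    return ("false_alarm", matched) if matched else ("alarm", [])

def triage(alarms):
    """Split alarms into those kept for the analyst and those suppressed."""
    kept, suppressed = [], []
    for a in alarms:
        verdict, why = qualify(a)
        (suppressed if verdict == "false_alarm" else kept).append((a, why))
    return kept, suppressed

# Constructed alarms covering the match, mismatch and unknown-entity cases.
SAMPLE_ALARMS = [
    Alarm("probe-a", "10.0.5.20", "tcp_port_scan"),  # scanner scanning
    Alarm("probe-b", "10.0.5.20", "snmp_sweep"),     # profile does not explain it
    Alarm("probe-c", "10.0.5.30", "icmp_sweep"),     # one of two profiles matches
    Alarm("probe-a", "10.0.9.77", "tcp_port_scan"),  # workstation scanning
    Alarm("probe-b", "192.0.2.9", "tcp_port_scan"),  # entity with no profile
]
```

Suppression here is keyed on the (entity, attack) pair rather than on the entity alone, so a scanner host that produces an attack outside its profile still reaches the analyst.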