METHOD FOR THE TREE STRUCTURE REPRESENTATION OF A GROUP OF DIGITAL DATA STREAMS, THE ASSOCIATED TREE STRUCTURE AND METHOD AND SYSTEM FOR THE DETECTION OF A FLOOD ATTACK

摘要

The invention relates to a method of using an adaptive tree structure in order to represent a group of digital data streams (AFL[AJ,VL]), which is formed by at least one candidate stream (CFk[AkVk]). The inventive method consists in passing through (A) each node (NL[A,A',L',A',L',V]) of a tree structure having an address that corresponds to all or part of a common address part of the destination address (Ak) of a candidate stream or a group of streams; creating at least one leaf for each destination address part of a candidate stream that is different from said common address part (B), each node or leaf having an associated state variable (V), (Vk) that is representative of the candidate stream or a group of streams in terms of network occupancy; assigning each node (NL[A,A',L',A',L',V]) or leaf passed through or created (C), (D) an average behaviour variable (MB(MVNSVN)) in terms of network occupancy as a function of the state variable; controlling (C), (D), at least the creation of a node or a leaf and the updating of the average behaviour variable based on a criterion for discrimination of the common address part or the address of the group of streams or of the candidate stream in relation to the nodes and leaves; and comparing the behaviour of the node with the normal behaviour which depends on the number of leaves N that are associated with said node. The invention can be used for the technical management of IP networks, corporate networks and other networks and for the detection of a flood attack.