FR3105486B1 - Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs - Google Patents
- Publication number
- FR3105486B1
- Authority
- FR
- France
- Prior art keywords
- network
- detecting
- equipment
- malicious behavior
- accessing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/144—Detection or countermeasures against botnets
Abstract
Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment, system, data file and corresponding computer programs

The invention relates to a method for detecting malicious behavior on the part of a communicating object connected to a remote telecommunications network via a local telecommunications network managed by equipment for accessing said remote telecommunications network, said method being implemented by a local agent connected to the local telecommunications network, said method comprising:
- obtaining (31), by the access equipment, information representative of a sequence of dated network events that occurred within a predetermined time window;
- detecting a malicious behavior by matching (33) the information obtained with a signature, among a plurality of signatures of malicious behaviors stored in at least one signature table; and
- deciding (34) to trigger at least one action to protect the local telecommunications network and/or the remote telecommunications network against the malicious behavior detected.

Fig. 3
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1915143A FR3105486B1 (en) | 2019-12-20 | 2019-12-20 | Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1915143 | 2019-12-20 | ||
FR1915143A FR3105486B1 (en) | 2019-12-20 | 2019-12-20 | Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs |
Publications (2)
Publication Number | Publication Date |
---|---|
FR3105486A1 (en) | 2021-06-25 |
FR3105486B1 (en) | 2022-08-19 |
Family
ID=70738637
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1915143A Active FR3105486B1 (en) | 2019-12-20 | 2019-12-20 | Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs |
Country Status (1)
Country | Link |
---|---|
FR (1) | FR3105486B1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113890821B (en) * | 2021-09-24 | 2023-11-17 | 绿盟科技集团股份有限公司 | Log association method and device and electronic equipment |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100162399A1 (en) * | 2008-12-18 | 2010-06-24 | At&T Intellectual Property I, L.P. | Methods, apparatus, and computer program products that monitor and protect home and small office networks from botnet and malware activity |
US10129270B2 (en) * | 2012-09-28 | 2018-11-13 | Level 3 Communications, Llc | Apparatus, system and method for identifying and mitigating malicious network threats |
US9654485B1 (en) * | 2015-04-13 | 2017-05-16 | Fireeye, Inc. | Analytics-based security monitoring system and method |
-
2019
- 2019-12-20 FR FR1915143A patent/FR3105486B1/en active Active
Also Published As
Publication number | Publication date |
---|---|
FR3105486A1 (en) | 2021-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6863969B2 (en) | Detecting security incidents with unreliable security events | |
US11019114B2 (en) | Method and system for application security evaluation | |
US10372910B2 (en) | Method for predicting and characterizing cyber attacks | |
EP3398106B1 (en) | Utilizing behavioral features to identify bot | |
JP6334069B2 (en) | System and method for accuracy assurance of detection of malicious code | |
US10915659B2 (en) | Privacy detection of a mobile application program | |
Avdiienko et al. | Mining apps for abnormal usage of sensitive data | |
US20160065594A1 (en) | Intrusion detection platform | |
US20160261624A1 (en) | Computer Implemented Techniques for Detecting, Investigating and Remediating Security Violations to IT Infrastructure | |
US9892259B2 (en) | Security protection system and method | |
CA2996966A1 (en) | Process launch, monitoring and execution control | |
CN103701794A (en) | Identification method and device for denial of service attack | |
KR102079304B1 (en) | Apparatus and method of blocking malicious code based on whitelist | |
US20240007487A1 (en) | Asset Remediation Trend Map Generation and Utilization for Threat Mitigation | |
Amarullah et al. | Analyzing cyber crimes during Covid-19 time in Indonesia | |
US20230418938A1 (en) | Attack kill chain generation and utilization for threat analysis | |
Seo et al. | Analysis on maliciousness for mobile applications | |
Malhotra et al. | A survey on various malware detection techniques on mobile platform | |
Buchyk et al. | Devising a method of protection against zero-day attacks based on an analytical model of changing the state of the network sandbox | |
CN109784051B (en) | Information security protection method, device and equipment | |
FR3105486B1 (en) | Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs | |
US20220159034A1 (en) | Method and system for determining an automated incident response | |
US10075454B1 (en) | Using telemetry data to detect false positives | |
CN110958236A (en) | Dynamic authorization method of operation and maintenance auditing system based on risk factor insight | |
US20230385342A1 (en) | Automatic Incident Dispatcher |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PLFP | Fee payment | Year of fee payment: 2 |
| PLSC | Publication of the preliminary search report | Effective date: 20210625 |
| PLFP | Fee payment | Year of fee payment: 3 |
| PLFP | Fee payment | Year of fee payment: 4 |
| PLFP | Fee payment | Year of fee payment: 5 |