FR3105486B1 - Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs - Google Patents

Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs

Info

Publication number
FR3105486B1
Authority
FR
France
Prior art keywords
network
detecting
equipment
malicious behavior
accessing
Prior art date
Legal status
Active
Application number
FR1915143A
Other languages
French (fr)
Other versions
FR3105486A1 (en)
Inventor
Guillou Xavier Le
Eric Bouvet
Current Assignee
Orange SA
Original Assignee
Orange SA
Priority date
Filing date
Publication date
Application filed by Orange SA
Priority to FR1915143A
Publication of FR3105486A1
Application granted
Publication of FR3105486B1
Legal status: Active (current)
Anticipated expiration


Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/144Detection or countermeasures against botnets

Abstract

Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment, system, data file and corresponding computer programs

The invention relates to a method for detecting malicious behavior on the part of a communicating object connected to a remote telecommunications network via a local telecommunications network managed by an access equipment to said remote telecommunications network, said method being implemented by a local agent connected to the local telecommunications network, said method comprising:
- obtaining (31), by the access equipment, information representative of a sequence of dated network events that occurred within a predetermined time window;
- detecting a malicious behavior by matching (33) the information obtained with a signature, among a plurality of malicious-behavior signatures stored in at least one signature table; and
- deciding (34) to trigger at least one action to protect the local telecommunications network and/or the remote telecommunications network against the detected malicious behavior.
Fig. 3


Priority Applications (1)

Application Number Priority Date Filing Date Title
FR1915143A FR3105486B1 (en) 2019-12-20 2019-12-20 Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR1915143 2019-12-20
FR1915143A FR3105486B1 (en) 2019-12-20 2019-12-20 Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs

Publications (2)

Publication Number Publication Date
FR3105486A1 FR3105486A1 (en) 2021-06-25
FR3105486B1 true FR3105486B1 (en) 2022-08-19

Family

ID=70738637

Family Applications (1)

Application Number Title Priority Date Filing Date
FR1915143A Active FR3105486B1 (en) 2019-12-20 2019-12-20 Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs

Country Status (1)

Country Link
FR (1) FR3105486B1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113890821B (en) * 2021-09-24 2023-11-17 绿盟科技集团股份有限公司 Log association method and device and electronic equipment

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US20100162399A1 (en) * 2008-12-18 2010-06-24 At&T Intellectual Property I, L.P. Methods, apparatus, and computer program products that monitor and protect home and small office networks from botnet and malware activity
US10129270B2 (en) * 2012-09-28 2018-11-13 Level 3 Communications, Llc Apparatus, system and method for identifying and mitigating malicious network threats
US9654485B1 (en) * 2015-04-13 2017-05-16 Fireeye, Inc. Analytics-based security monitoring system and method

Also Published As

Publication number Publication date
FR3105486A1 (en) 2021-06-25

Similar Documents

Publication Publication Date Title
JP6863969B2 (en) Detecting security incidents with unreliable security events
US11019114B2 (en) Method and system for application security evaluation
US10372910B2 (en) Method for predicting and characterizing cyber attacks
EP3398106B1 (en) Utilizing behavioral features to identify bot
JP6334069B2 (en) System and method for accuracy assurance of detection of malicious code
US10915659B2 (en) Privacy detection of a mobile application program
Avdiienko et al. Mining apps for abnormal usage of sensitive data
US20160065594A1 (en) Intrusion detection platform
US20160261624A1 (en) Computer Implemented Techniques for Detecting, Investigating and Remediating Security Violations to IT Infrastructure
US9892259B2 (en) Security protection system and method
CA2996966A1 (en) Process launch, monitoring and execution control
CN103701794A (en) Identification method and device for denial of service attack
KR102079304B1 (en) Apparatus and method of blocking malicious code based on whitelist
US20240007487A1 (en) Asset Remediation Trend Map Generation and Utilization for Threat Mitigation
Amarullah et al. Analyzing cyber crimes during Covid-19 time in Indonesia
US20230418938A1 (en) Attack kill chain generation and utilization for threat analysis
Seo et al. Analysis on maliciousness for mobile applications
Malhotra et al. A survey on various malware detection techniques on mobile platform
Buchyk et al. Devising a method of protection against zero-day attacks based on an analytical model of changing the state of the network sandbox
CN109784051B (en) Information security protection method, device and equipment
FR3105486B1 (en) Method for detecting malicious behavior in a communication network, device, equipment for accessing said network, method for detecting a distributed attack in said network, device, node equipment and corresponding computer programs
US20220159034A1 (en) Method and system for determining an automated incident response
US10075454B1 (en) Using telemetry data to detect false positives
CN110958236A (en) Dynamic authorization method of operation and maintenance auditing system based on risk factor insight
US20230385342A1 (en) Automatic Incident Dispatcher

Legal Events

Date Code Title Description
PLFP Fee payment (year of fee payment: 2)
PLSC Publication of the preliminary search report (effective date: 20210625)
PLFP Fee payment (year of fee payment: 3)
PLFP Fee payment (year of fee payment: 4)
PLFP Fee payment (year of fee payment: 5)