Suppression of False Alarms in Alarms Arising from Intrusion Detection Probes in a Monitored Information System
First Claim
1. A method of suppressing false alarms among alarms issued by intrusion detection sensors (13a, 13b, 13c) of a protected information system (1) including entities (9, 11a, 11b) generating attacks associated with the alarms and an alarm management system (15), the method being characterized in that it comprises the following steps:
- using a false alarm suppression module (23) to define qualitative relationships between the entities (9, 11a, 11b) and a set of profiles;
- using the false alarm suppression module (23) to define nominative relationships between the set of profiles and a set of names of attacks which that set of profiles is recognized as generating; and
- using the false alarm suppression module (23) to qualify a given alarm as a false alarm if the entity (9, 11a, 11b) implicated in the given alarm has a profile recognized as generating the attack associated with that given alarm.
Abstract
The invention relates to a system and a method of suppressing false alarms among alarms issued by intrusion detection sensors (13a, 13b, 13c) of a protected information system (1) including entities (9, 11a, 11b) generating attacks associated with the alarms and an alarm management system (15), the method comprising the following steps:
- using a false alarm suppression module (23) to define qualitative relationships between the entities (9, 11a, 11b) and a set of profiles;
- using the false alarm suppression module (23) to define nominative relationships between the set of profiles and a set of names of attacks which that set of profiles is recognized as generating; and
- using the false alarm suppression module (23) to qualify a given alarm as a false alarm if the entity (9, 11a, 11b) implicated in the given alarm has a profile recognized as generating the attack associated with that given alarm.
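The three steps above reduce to a lookup across two relations: entity to profiles, and profile to attack names. The following Python sketch is an added example, not code from the patent; the class and method names, hosts, profiles and attack names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Alarm:
    sensor: str  # intrusion detection sensor that issued the alarm
    entity: str  # entity implicated as generating the attack
    attack: str  # attack name associated with the alarm

@dataclass
class FalseAlarmSuppressor:  # hypothetical name for the suppression module
    entity_profiles: dict = field(default_factory=dict)  # qualitative: entity -> profiles
    profile_attacks: dict = field(default_factory=dict)  # nominative: profile -> attack names

    def assign_profile(self, entity, profile):
        self.entity_profiles.setdefault(entity, set()).add(profile)
    def recognize(self, profile, attack):
        self.profile_attacks.setdefault(profile, set()).add(attack)

    def explaining_profiles(self, alarm):
        """Profiles of the implicated entity recognized as generating this attack."""
        profiles = self.entity_profiles.get(alarm.entity, set())
        return sorted(p for p in profiles
                      if alarm.attack in self.profile_attacks.get(p, set()))

    def triage(self, alarms):
        """Return (forwarded, suppressed); suppressed items keep the justifying profiles."""
        forwarded, suppressed = [], []
        for alarm in alarms:
            why = self.explaining_profiles(alarm)
            if why:
                suppressed.append((alarm, why))  # qualified as a false alarm
            else:
                forwarded.append(alarm)  # unknown entity or unexplained attack
        return forwarded, suppressed

def demo():
    # Constructed sample data: sensors, hosts, profiles and attack names are illustrative.
    s = FalseAlarmSuppressor()
    s.assign_profile("scanner-01", "vulnerability-scanner")
    s.assign_profile("ws-17", "workstation")
    s.recognize("vulnerability-scanner", "TCP port scan")
    alarms = [
        Alarm("sensor-a", "scanner-01", "TCP port scan"),    # explained by profile
        Alarm("sensor-b", "scanner-01", "SQL injection"),    # profiled entity, other attack
        Alarm("sensor-b", "ws-17", "TCP port scan"),         # profile does not generate it
        Alarm("sensor-c", "unknown-host", "TCP port scan"),  # entity has no profile
    ]
    return s.triage(alarms)

if __name__ == "__main__":
    print(demo())
```

Suppression here is keyed on the entity-and-attack pair, so an alarm from a profiled entity for an attack outside its recognized set is still forwarded, as is any alarm from an entity with no profile.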
16 Claims
10. A false alarm suppression module, characterized in that it includes data processor means (25) for defining qualitative relationships between entities (9, 11a, 11b) and a set of profiles, for defining nominative relationships between the set of profiles and a set of names of attacks which that set of profiles is recognized as generating, and for qualifying a given alarm as a false alarm if the entity implicated in the given alarm has a profile recognized as generating the attack associated with that given alarm.
Specification