Abstract: A method for aiding detection of infection of a terminal by malware. The method includes: reception of a current request originating from the terminal asking for access to a resource of a network; detection that the resource requested is malevolent; when the current request includes a reference to an initial resource, verification that access to the initial resource has been requested from the terminal in at least one earlier request, the initial resource having been detected legitimate during processing of the earlier request; and wherein the current request being then considered to be an attempt to infect the terminal.

Abstract: A method for aiding detection of infection of a terminal by malware. The method includes: reception of a current request originating from the terminal asking for access to a resource of a network; detection that the resource requested is malevolent; when the current request includes a reference to an initial resource, verification that access to the initial resource has been requested from the terminal in at least one earlier request, the initial resource having been detected legitimate during processing of the earlier request; and wherein the current request being then considered to be an attempt to infect the terminal.

Abstract: The invention concerns a method for detecting anomalies in network traffic, said traffic being transmitted by a server (10) in response to requests from at least one client device (11), the method comprising: —a step (E10) of receiving a request, said request being of a given type, —a step (E11) of receiving a response to the request, —a step (E13) of constructing a current bit vector (VN), representative of the response, —a step (E17) of calculating a similarity index representative of a distance between the current bit vector and a model bit vector (Vmod) associated with the request type, —a step of checking (E18) that the similarity index (Isc) does not belong to a compliance interval (IC) calculated for the request type, an anomaly being detected when the similarity index does not belong to the compliance interval.

Abstract: Method of forestalling attacks in a network, by slowing down a communication in a network including at least one computer including malware aimed at establishing a communication with a control server. The method includes: reception of a request to transfer data originating from the computer, indicating that the IP address of the security server has been provided to the computer in response to a domain name resolution request including a domain name associated with the IP address of the control server, the domain name being included in a black list; waiting for a smaller duration than an expiry period for a transport protocol transporting packets of the communication, a session being maintained during this expiry period in the event of inactivity; and dispatching a packet including a byte generated pseudo-randomly so as to maintain the session active.

Abstract: A method for detecting intrusions on a set of virtual resources in a computer system including at least one physical machine hosting the set of virtual resources. The method includes: calculating an intrusion detection itinerary defined by a sequence of virtual resources from the set, the virtual resources being integrated and arranged in the sequence on the basis of respective vulnerability criticality levels assigned to the virtual resources of the set; and carrying out an intrusion detection operation, following the calculated itinerary.

Abstract: A method is provided for attack detection and protection of a set of virtual machines in a system, which includes at least one first host server hosting said set of virtual machines. The method includes: receiving an attack detection message regarding a virtual machine, triggering a first migration of the virtual machine from the first host server toward a security system, and receiving an attack treatment message regarding the migrated virtual machine.

Abstract: Method of forestalling attacks in a network, by slowing down a communication in a network including at least one computer including malware aimed at establishing a communication with a control server. The method includes: reception of a request to transfer data originating from the computer, indicating that the IP address of the security server has been provided to the computer in response to a domain name resolution request including a domain name associated with the IP address of the control server, the domain name being included in a black list; waiting for a smaller duration than an expiry period for a transport protocol transporting packets of the communication, a session being maintained during this expiry period in the event of inactivity; and dispatching a packet including a byte generated pseudo-randomly so as to maintain the session active.

Abstract: The invention concerns a method for detecting anomalies in network traffic, said traffic being transmitted by a server (10) in response to requests from at least one client device (11), the method comprising: a step (E10) of receiving a request, said request being of a given type, a step (E11) of receiving a response to the request, a step (E13) of constructing a current bit vector (VN), representative of the response, a step (E17) of calculating a similarity index representative of a distance between the current bit vector and a model bit vector (Vmod) associated with the request type, a step of checking (E18) that the similarity index (Isc) does not belong to a compliance interval (IC) calculated for the request type, an anomaly being detected when the similarity index does not belong to the compliance interval.

Abstract: A method is provided for attack detection and protection of a set of virtual machines in a system, which includes at least one first host server hosting said set of virtual machines. The method includes: receiving an attack detection message regarding a virtual machine, triggering a first migration of the virtual machine from the first host server toward a security system, and receiving an attack treatment message regarding the migrated virtual machine.

Abstract: A method for detecting intrusions on a set of virtual resources in a computer system including at least one physical machine hosting the set of virtual resources. The method includes: calculating an intrusion detection itinerary defined by a sequence of virtual resources from the set, the virtual resources being integrated and arranged in the sequence on the basis of respective vulnerability criticality levels assigned to the virtual resources of the set; and carrying out an intrusion detection operation, following the calculated itinerary.

Abstract: A method of and module for masking application processing applied to a request for access to a server by a client workstation connected via successive proxy servers. The application of a first proxy server, is executed, the address of the client workstation is inserted into a specific data field of the access request message header, without calling for any IP spoofing function and the access request message for execution of successive application processing is sent to successive proxy servers. After execution of its application processing by a last proxy server and transmitting of the access request message to the server, the access request message is intercepted at a masking module, the specific field from the header is eliminated to mask the application processing, and a masked access request message is constructed and the masked access request message is sent from the masking module to the server.

Abstract: The invention concerns distributed DNS resolution of a DNS request comprising an FQDN domain name between terminal (T) and relevant parent server (SPP). The method consists in transmitting (A) a DNS request (r_DNS) to an extended intermediate relay server (SRE), and, in the absence of stored previous DNS resolution solution, inserting (B) in the request a DNS resolution extension variable (VE) to generate an extended DNS request (er_DNS), transmitting (C) the extended request to the parent server. Upon verification of the variable, searching (D) for a distributed DNS resolution agent (A_R_D), transmitting (E) an extended DNS reply EA DNS, containing the agent (A_R_D) to the relay server, executing (F) the agent to generate a DNS reply (A_DNS@IP) comprising at least the (FQDN) IP address and transmitting (G) the reply A DNS(?IP) to the terminal. The invention is applicable to DNS resolution on IP local area network or on the Internet.

Abstract: A method of and module for masking application processing applied to a request for access to a server by a client workstation connected via successive proxy servers. The application of a first proxy server, is executed, the address of the client workstation is inserted into a specific data field of the access request message header, without calling for any IP spoofing function and the access request message for execution of successive application processing is sent to successive proxy servers.