Abstract: Described herein is a method and a network-security monitoring platform, also identified as Security Network Monitoring Platform (SNMP), for detecting anomalies in SSL and/or TLS communications set up in a communications network. The SNMP analyses data packets (DP) to detect anomalous SSL/TLS handshake procedures within a monitoring interval. Each handshake procedure comprises a first message, sent by a client to a server to start the SSL/TLS communication (the ClientHello), and a corresponding second message sent by that server back to the client. For each handshake procedure the SNMP determines a first signature as a function of the data sent with the first message, and a second signature as a function of the data of one or more certificates of the certificate chain (CERT) sent with the second message. The SNMP then analyses the first and second signatures to determine their respective popularity values, i.e. how widely each signature is observed in the monitoring interval, on which the anomaly detection is based.
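The two-signature scheme in this abstract, as an added worked example that is not the patent's own implementation. The abstract does not fix how either signature is computed, so the following choices are this example's assumptions: the first signature is a JA3-style MD5 digest over the ClientHello version, cipher suites, extensions, supported groups and point formats; the second is a SHA-256 over the per-certificate fingerprints of the chain in the order sent; and popularity is the number of distinct clients that produced (first signature) or received (second signature) a given signature in the interval. The handshake records and certificate bytes are constructed stand-ins, not captured traffic.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


# Constructed handshake observations standing in for the data packets (DP) the platform
# would parse from a capture; the certificate bytes are placeholders, not real DER.
@dataclass(frozen=True)
class Handshake:
    client: str                        # client address
    server: str                        # server address
    tls_version: int                   # ClientHello legacy_version (0x0303 = TLS 1.2)
    cipher_suites: Tuple[int, ...]     # IANA cipher suite codes, in offered order
    extensions: Tuple[int, ...]        # extension type codes, in offered order
    groups: Tuple[int, ...]            # supported_groups values
    point_formats: Tuple[int, ...]     # ec_point_formats values
    cert_chain: Tuple[bytes, ...]      # certificates from the server's second message


def client_signature(h: Handshake) -> str:
    """First signature: a JA3-style digest of the ClientHello fields.
    Assumption: the abstract only says 'a function of the data sent with the first
    message'; the field set and the MD5 digest are this example's choice."""
    fields = [
        str(h.tls_version),
        "-".join(map(str, h.cipher_suites)),
        "-".join(map(str, h.extensions)),
        "-".join(map(str, h.groups)),
        "-".join(map(str, h.point_formats)),
    ]
    return hashlib.md5(",".join(fields).encode()).hexdigest()


def chain_signature(h: Handshake) -> str:
    """Second signature: SHA-256 over the SHA-256 fingerprint of each certificate in
    the chain, in the order the server sent them, so a swapped intermediate or a
    self-signed leaf yields a different signature (assumed construction)."""
    fingerprints = [hashlib.sha256(cert).hexdigest() for cert in h.cert_chain]
    return hashlib.sha256("|".join(fingerprints).encode()).hexdigest()


def popularity(handshakes: List[Handshake]) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Popularity of each signature in the monitoring interval, measured as the number
    of distinct clients that produced (first signature) or received (second signature)
    it. Counting distinct clients rather than raw handshakes keeps one chatty host
    from making its own unusual TLS stack look popular."""
    clients_by_sig: Dict[str, set] = defaultdict(set)
    clients_by_chain: Dict[str, set] = defaultdict(set)
    for h in handshakes:
        clients_by_sig[client_signature(h)].add(h.client)
        clients_by_chain[chain_signature(h)].add(h.client)
    return ({s: len(c) for s, c in clients_by_sig.items()},
            {s: len(c) for s, c in clients_by_chain.items()})


def anomalous_handshakes(handshakes: List[Handshake], min_popularity: int = 2):
    """Flag handshakes whose client signature or certificate-chain signature was seen
    from fewer than min_popularity distinct clients during the interval."""
    sig_pop, chain_pop = popularity(handshakes)
    flagged = []
    for h in handshakes:
        reasons = []
        if sig_pop[client_signature(h)] < min_popularity:
            reasons.append("rare client signature")
        if chain_pop[chain_signature(h)] < min_popularity:
            reasons.append("rare certificate chain")
        if reasons:
            flagged.append((h, reasons))
    return flagged


# Constructed sample interval: three hosts with a browser-like TLS stack talking to the
# corporate server, plus one of those hosts also starting a handshake with a stripped-down
# ClientHello to an unknown server that presents a single self-signed certificate.
BROWSER = dict(tls_version=0x0303,
               cipher_suites=(4865, 4866, 4867, 49195, 49199, 49196, 49200),
               extensions=(0, 23, 65281, 10, 11, 35, 16, 5, 13, 18, 51, 45, 43, 27),
               groups=(29, 23, 24), point_formats=(0,))
STRIPPED = dict(tls_version=0x0303, cipher_suites=(47, 53),
                extensions=(10, 11), groups=(23,), point_formats=(0,))
CORP_CHAIN = (b"cert:leaf:www.corp.example", b"cert:intermediate:Corp CA", b"cert:root:Corp Root")
SELF_SIGNED = (b"cert:leaf:self-signed",)

INTERVAL = [
    Handshake("10.0.0.11", "203.0.113.10", cert_chain=CORP_CHAIN, **BROWSER),
    Handshake("10.0.0.12", "203.0.113.10", cert_chain=CORP_CHAIN, **BROWSER),
    Handshake("10.0.0.13", "203.0.113.10", cert_chain=CORP_CHAIN, **BROWSER),
    Handshake("10.0.0.12", "203.0.113.10", cert_chain=CORP_CHAIN, **BROWSER),
    Handshake("10.0.0.13", "198.51.100.7", cert_chain=SELF_SIGNED, **STRIPPED),
]

if __name__ == "__main__":
    for h, why in anomalous_handshakes(INTERVAL):
        print(f"{h.client} -> {h.server}: {', '.join(why)}")
```

Only the last handshake is flagged, on both counts: its ClientHello profile and its certificate chain were each seen by a single client. Keying popularity on distinct clients is the design choice worth noting; a popularity based on raw handshake counts would let a beaconing implant make its own signature look common within one interval.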
Abstract: Techniques for detecting anomalies in communication networks are provided. A first and a second Bayesian network are trained for each feature in a first and a second list of features, respectively. A third and a fourth list of features are then generated, and the first and second Bayesian networks are used to classify each value of the third and of the fourth list of features, respectively, as normal or anomalous. In some examples, a Support Vector Machine can be used for the classification.
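The train-then-classify flow of this abstract, as an added example rather than code from the patent. The abstract does not state the structure of the per-feature Bayesian networks, so this example assumes the simplest one: a single-node network, i.e. a categorical likelihood with a symmetric Dirichlet prior, whose posterior predictive probability of a value is compared against a threshold. The feature names, the baseline and monitoring values, the prior strength and the threshold are all constructed for illustration; the Support Vector Machine variant is not shown.

```python
from collections import Counter
from typing import Dict, Iterable, List, Tuple


class FeatureModel:
    """Bayesian model for one categorical feature: categorical likelihood with a
    symmetric Dirichlet(alpha) prior, the single-node case of a Bayesian network
    (assumed structure; the abstract leaves it open). After training on N values the
    posterior predictive probability of a value v is (n_v + alpha) / (N + alpha * K),
    where K counts the distinct training values plus one bucket for never-seen values,
    so an unseen value gets a small but non-zero probability instead of a hard zero."""

    def __init__(self, alpha: float = 0.5) -> None:
        self.alpha = alpha
        self.counts: Counter = Counter()
        self.total = 0

    def fit(self, values: Iterable) -> "FeatureModel":
        self.counts.update(values)
        self.total = sum(self.counts.values())
        return self

    def predictive(self, value) -> float:
        k = len(self.counts) + 1
        return (self.counts.get(value, 0) + self.alpha) / (self.total + self.alpha * k)

    def classify(self, value, threshold: float) -> str:
        return "normal" if self.predictive(value) >= threshold else "anomalous"


def train_models(feature_lists: Dict[str, List], alpha: float = 0.5) -> Dict[str, FeatureModel]:
    """Train one model per feature of a list of features (the first or second list)."""
    return {name: FeatureModel(alpha).fit(values) for name, values in feature_lists.items()}


def classify_lists(models: Dict[str, FeatureModel], feature_lists: Dict[str, List],
                   threshold: float) -> Dict[str, List[Tuple[object, str]]]:
    """Classify each value of a generated list (the third or fourth list) with the model
    trained for the same feature name."""
    return {name: [(v, models[name].classify(v, threshold)) for v in values]
            for name, values in feature_lists.items()}


# Constructed baseline data: the first list holds per-flow features, the second
# per-host features, both observed during a clean training period.
FIRST_LIST = {
    "dst_port": [443] * 40 + [80] * 15 + [53] * 5,
    "proto": ["tcp"] * 55 + ["udp"] * 5,
}
SECOND_LIST = {
    "bytes_out_bucket": ["small"] * 50 + ["medium"] * 9 + ["large"] * 1,
}
# Constructed monitoring data: the third and fourth lists, generated from later traffic.
THIRD_LIST = {"dst_port": [443, 53, 4444], "proto": ["tcp", "udp", "icmp"]}
FOURTH_LIST = {"bytes_out_bucket": ["small", "large", "huge"]}

THRESHOLD = 0.02  # constructed; would be tuned against a validation interval in practice

if __name__ == "__main__":
    first = train_models(FIRST_LIST)
    second = train_models(SECOND_LIST)
    results = {**classify_lists(first, THIRD_LIST, THRESHOLD),
               **classify_lists(second, FOURTH_LIST, THRESHOLD)}
    for name, labelled in results.items():
        print(name, labelled)
```

With these inputs the rarely seen baseline values (port 53, UDP, the "large" bucket) stay normal while the values never seen in training (port 4444, ICMP, "huge") fall below the threshold and are labelled anomalous. The prior strength alpha is the knob that separates "rare" from "unseen": a larger alpha flattens the predictive distribution and makes the classifier more forgiving of new values.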