Abstract: A technique is provided for detecting unauthorized use or abnormal activities of a targeted system of a network. The technique includes a comparison of captured data that relates to a targeted system with attack signatures to generate a security alert when the captured data and an attack signature match, a comparison of assurance metrics data from a monitored targeted perimeter with assurance references to generate assurance information when the assurance metrics data and an assurance reference match, a generation of a verified security alarm when the security alert and associated preconditions match a corresponding assurance information, a filtering of the security alert when no match has been found between the associated retrieved preconditions and the corresponding assurance information, and an emitting of a non verified security alert when no preconditions have been retrieved for the security alert and/or no assurance reference corresponding to the preconditions has been defined.

Abstract: Intrusion detection method for detecting unauthorized use or abnormal activities of a targeted system of a network, comprising the steps: creating defined preconditions for each vulnerability related to the targeted system and/or for each attack that exploit one or several vulnerabilities; creating assurance references corresponding to said defined preconditions and considering the targeted perimeter capturing data related to the targeted system; comparing captured data with attack signatures for generating at least one security alert when captured data and at least one attack signature match; capturing assurance data from monitoring of the targeted perimeter comparing assurance data, issued from assurance monitoring of the targeted perimeter, with assurance references for generating assurance information when said data issued from assurance monitoring and at least one assurance reference match retrieving the preconditions of the generated security alert checking if assurance information corresponding to said