Abstract: A method for processing an intrusion in a communication network including a plurality of node equipment, including a current node, which: discovers of a neighborhood of the current node, including assigning a resilience group to the neighboring node, according to at least one piece of information representative of a resilience level of the neighboring node to at least one type of attack; detecting an intrusion affecting at least one suspect node of the neighborhood of the current node; establishing a consensus concerning the at least one suspect node in a neighborhood by counting a number of resilience groups having detected the intrusion in the neighborhood of the suspect node and a total number of resilience groups represented in the neighborhood of the suspect node; and deciding to change a status of the suspect node based on a result of the consensus by comparison of both numbers.

Abstract: A method for processing an intrusion in a communication network including a plurality of node equipment, including a current node, which: discovers of a neighbourhood of the current node, including assigning a resilience group to the neighbouring node, according to at least one piece of information representative of a resilience level of the neighbouring node to at least one type of attack; detecting an intrusion affecting at least one suspect node of the neighbourhood of the current node; establishing a consensus concerning the at least one suspect node in a neighbourhood by counting a number of resilience groups having detected the intrusion in the neighbourhood of the suspect node and a total number of resilience groups represented in the neighbourhood of the suspect node; and deciding to change a status of the suspect node based on a result of the consensus by comparison of both numbers.

Abstract: The present invention refers to a method for adapting security policies of an information system infrastructure as a function of attacks on the system by storing potential attacks, their associated risks and curative security policies in a data repository, monitoring entering contents representing data streams of the information system, detecting at least one attack in the information system, assessing a success probability parameter of the at least one detected attack and its associated cost impact parameter, assessing an activation impact parameter of at least one curative security policy in response to the at least one detected attack and its associated cost impact parameter, deciding to activate or deactivate a curative security policy based on the success probability parameter of a detected attack, the activation impact parameter of associated curative security policies and the cost impact parameters of both an attack and associated curative security policies.

Abstract: The present invention refers to a method for adapting security policies of an information system infrastructure as a function of attacks on the system by storing potential attacks, their associated risks and curative security policies in a data repository, monitoring entering contents representing data streams of the information system, detecting at least one attack in the information system, assessing a success probability parameter of the at least one detected attack and its associated cost impact parameter, assessing an activation impact parameter of at least one curative security policy in response to the at least one detected attack and its associated cost impact parameter, deciding to activate or deactivate a curative security policy based on the success probability parameter of a detected attack, the activation impact parameter of associated curative security policies and the cost impact parameters of both an attack and associated curative security policies.