Abstract: An intrusion detection arrangement for communication networks comprising a network activity observer configured to monitor network traffic by the related traffic elements, such as data packets, thereof and to establish traffic profiles relative to the monitored traffic elements, such as one profile per each monitored traffic element, a misuse detector configured to determine a first indication of a probability of the profiled traffic representing malicious activity through co-operation with a model repository comprising at least one model characterizing a known intrusion attack, an anomaly detector configured to determine, at least logically in parallel with the misuse detector, a second indication of a probability of the profiled traffic representing anomalous activity through cooperation with a model repository comprising at least one model characterizing legitimate network activity, and a classifier configured to operate on said first and second indications to generate a classification decision on the natu

Abstract: An electronic arrangement for analyzing a model-based testing scenario relating to a system under test (SUT), includes a model handler entity for obtaining and managing model data indicative of a model intended to exhibit the behavior of the SUT, a test plan handler entity for obtaining and managing test plan data indicative of a number of test cases relating to the model and expected outcome thereof, a test execution log handler entity for obtaining and managing test execution log data indicative of the execution of the test cases by the test executor and/or SUT, a communications log handler entity for obtaining and managing communications log data indicative of message traffic between the test executor entity and SUT, and an analyzer entity for detecting a number of failures and their causes in the model-based testing scenario on the basis of model, test plan, test execution log and communications log data.

Abstract: An intrusion detection arrangement (101) for communication networks comprising a network activity observer (102) configured to monitor network traffic by the related traffic elements, such as data packets, thereof and to establish traffic profiles relative to the monitored traffic elements, such as one profile per each monitored traffic element, a misuse detector (104) configured to determine a first indication of a probability of the profiled traffic representing malicious activity through co-operation with a model repository (106) comprising at least one model characterizing a known intrusion attack, an anomaly detector (108) configured to determine, at least logically in parallel with the misuse detector, a second indication of a probability of the profiled traffic representing anomalous activity through cooperation with a model repository (110) comprising at least one model characterizing legitimate network activity, and a classifier (112) configured to operate on said first and second indications to gene