FIELD: information security.
SUBSTANCE: a system for automatic assessment of the quality of network traffic signatures includes an event collection module, a crucial signature list, an analyzing module, and a final aggregation module. It differs in that it also includes a preaggregation module configured for continuous processing of unprocessed data and resource-intensive calculations. The event collection module is connected to the preaggregation module, which is connected to the analyzing module and/or the final aggregation module; the analyzing module is also connected to the final aggregation module; and the crucial signature list is connected to the event collection module and to the final aggregation module.
EFFECT: increase in the accuracy of detection of malicious activity in a network.
20 claims, 10 drawings
Dates
2022-10-18—Published
2021-04-30—Filed