At the present time, the tools for supervising network infrastructures such as enterprise networks, administrative networks or specific community networks are highly complex.
From a first aspect, the complexity is the result of the growing number of interfacing devices having access to a given network. At the present time, the devices involved in accessing a given network are:
- nomadic devices such as smartphones and tablets;
- computers, workstations and portable computers;
- devices supporting the network such as switches, routers, administrative servers, etc.
The growing number of devices increases the complexity arising from the number of supervisory messages to be processed.
Another aspect concerns the quality of the network service, aimed in particular at improving the reliability and security of the network, which of course implies increased complexity of the administrative tools in order to eliminate all faults in a system.
Making the security of a network more reliable is all the more important because the number of points from which the system is accessed increases with the number of devices mentioned in the first aspect.
Making network security more reliable answers the need to reduce the vulnerability of a network in the areas of applications, transmission protocols or intrusions, for instance through the hacking of encryption keys or user passwords.
One of the dangers consists in letting an unauthorized person penetrate a network with the objective of causing harm, for instance by erasing data or stealing confidential information.
Because of this complexity, the tools have integrated correlators for processing, in semi-automatic or automatic mode, the events occurring inside the network.
The correlators are capable of managing a set of events by analyzing, for instance, their number, their redundancy, their nature, an expected sequence among these events, the reception dates, the emitters and receivers, etc.
These correlators are capable of assisting persons in their decision making by filtering and synthesizing all the emitted events.
More and more, correlators are taking security aspects into account by identifying anomalies or irregularities in the messages received.
There are different types of solutions for detecting such anomalies. In the first place, there is the HIDS solution (the English-language acronym stands for “Host Intrusion Detection System”), which highlights in particular the modifications of a system in order to detect abnormal activities and deviations from the security policy.
In the second place, there is the NIDS solution (the English-language acronym stands for “Network Intrusion Detection System”), which detects so-called “malicious” or infected messages among the messages transiting through the system.
A third solution consists in using a firewall for detecting the use of unauthorized transmission ports in a given link.
Each of these solutions shares a common mechanism: the emission of alarm messages when an event occurs that can potentially endanger the security of the network or of the information transiting through the network. There are also solutions such as, for instance, the event logs of operating systems or applications, where the emitted messages are not necessarily alarms but event notifications. Numerous solutions comprise notification emission systems, such as firewalls, anti-virus and other solutions.
In networks with real time constraints, for instance synchronized networks, the messages are in general time stamped. Time stamping improves in particular the routing protocols or the synchronization problems of a network. Network supervision devices do not use time stamping because the event correlators use the message arrival date to make a decision. In this way, messages can be classified chronologically, analyses can be performed and adequate decisions can be made, for instance, when a security failure is detected.
One major problem, resulting from the increased complexity of information systems and data networks, is that some anomalies significantly degrade the analysis of events in synchronized networks. Among these anomalies we find incidents such as service interruptions, radio silence and excessively long latency times, in addition to low volume of data.
As an example, during a voluntary or involuntary radio silence, occurring throughout the whole network or part of it, numerous messages can be received by the supervisory equipment at the end of the radio silence. A radio silence corresponds to a halt in message emission and reception during a time interval. This event can take place, for instance, in military applications. When the network returns to normal operation after the radio silence, the supervisory equipment must process thousands of messages arriving en masse, all at the same time. Events such as intrusions could have occurred during the radio silence and must be detected afterwards.
At the present time, correlators are not developed to meet these requirements. Therefore, they can make wrong decisions. In fact, all messages arriving at the same time at the entrance of the correlator can be received out of order. As a consequence, if the correlator takes into account the reception time of a message, it risks making a bad decision or not making a decision, while in fact it should have generated an action in order to ensure the reliability of the data transiting through the network.
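The failure mode described above can be reproduced with a small sequence rule run over a burst of messages delivered at the end of a radio silence. This is an added illustration, not code or a method taken from this document; the rule, the device names and the event values are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str        # "auth_fail" or "auth_ok"
    source: str      # emitting device (constructed name)
    emitted: float   # time stamp set by the emitter, in seconds
    received: float  # arrival time at the supervisory equipment, in seconds

def brute_force_alerts(events, time_of, threshold=3, window=60.0):
    """Hypothetical rule: `threshold` failures then a success from one source,
    all within `window` seconds, ordered and measured with time_of(event)."""
    alerts, fails = [], {}
    # sorted() is stable: events with equal keys keep their arrival order
    for ev in sorted(events, key=time_of):
        t = time_of(ev)
        recent = [x for x in fails.get(ev.source, []) if t - x <= window]
        if ev.kind == "auth_fail":
            recent.append(t)
        elif ev.kind == "auth_ok":
            if len(recent) >= threshold:
                alerts.append((ev.source, t))
            recent = []
        fails[ev.source] = recent
    return alerts

# Constructed burst: everything emitted during the silence arrives at t=400,
# in the (scrambled) order of this list.
BURST = [
    Event("auth_ok",   "node-7", 140.0, 400.0),  # success overtakes its failures
    Event("auth_fail", "node-7", 120.0, 400.0),
    Event("auth_fail", "node-7", 125.0, 400.0),
    Event("auth_fail", "node-7", 130.0, 400.0),
    Event("auth_fail", "node-9", 110.0, 400.0),  # failures 90 s or more apart
    Event("auth_fail", "node-9", 200.0, 400.0),
    Event("auth_fail", "node-9", 300.0, 400.0),
    Event("auth_ok",   "node-9", 390.0, 400.0),
]

def by_arrival():
    # Correlating on reception time: misses node-7, falsely flags node-9
    return brute_force_alerts(BURST, lambda e: e.received)

def by_emission():
    # Correlating on the emitter's time stamp: flags node-7 only
    return brute_force_alerts(BURST, lambda e: e.emitted)

if __name__ == "__main__":
    print("arrival :", by_arrival())
    print("emission:", by_emission())
```

On this burst the reception-time run produces both errors named in the text: no decision for node-7, whose success message overtook its failures, and a bad decision for node-9, whose widely spaced failures collapse into one instant.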