Journal of Computer Applications (计算机应用), 2007
Design and implementation of malicious code detection system based on AEC
Abstract:
To address the deficiencies of current malicious code detection methods, AEC, an efficient detection method for multi-stage attacks, was proposed, and a new detection system based on AEC was designed and implemented. The system combined misuse detection with anomaly detection, classified individual network events based on Active Event Correlation (AEC), and performed correlation analysis on each class of events. A statistical model was also used for further analysis. Finally, the system can effectively recognize multi-stage attacks, stop incomplete attack stages, and give network administrators meaningful and concise alerts.