【摘要】 针对现有恶意代码检测技术的不足,提出了能够有效检测复杂攻击的活动事件关联(AEC)分析技术,设计并实现了一个基于AEC的全新的检测系统。该系统结合误用与异常检测技术,采用AEC的思想将网络中的单个事件进行分类,对每类事件进行纵向关联分析。同时结合一段时间内的数据流量统计结果,最终更准确地推断出可疑的攻击并在它们完成攻击前阻止,向网络管理员发出有意义的准确的报警。更多还原

【Abstract】 In order to deal with the deficiency of current malicious code detection methods, an efficient detection method AEC for Multi-stage attack was proposed, and a new detection system based on AEC was designed and implemented. This system combined the misuse detection with anomaly detection methods, classified the single event in the network based on Active Event Correlation (AEC), and correlatively analysed each sort of events. Meanwhile, statistical model was used for further analysis. At last, it can effectively recognize multi-stage attacks, stop incomplete attack stages, and give network administrators meaningful and concise alerts.更多还原