As comprehensive ICT networks emerge and their interconnection, number of participants and number of access points increase, attack surfaces and attack vectors multiply. In particular, advanced persistent threats (APTs), which are targeted and highly customized attacks against organizational assets, pose serious security threats.
AECID (automatic event correlation for incident detection) is a detection technique that keeps track of system events, their dependencies and their occurrences in order to learn the “normal” system behavior over time, and reports all actions that differ from a dynamically created system model.