Journal of Systems Engineering and Electronics ›› 2012, Vol. 34 ›› Issue (8): 1735-1740.


Research on detecting technology of malicious software based on sub-behavior

MIAO Qi-guang, WANG Yun, CAO Ying, LIU Wen-chuang   

  1. School of Computer, Xidian University, Xi’an 710071, China
  • Online: 2012-08-27 Published: 2010-01-03

Abstract:

A malware detection method based on minimum behavior is proposed. Minimum behavior is defined as the subset of application programming interface (API) calls that the malicious code performs on each resource at runtime. A malicious software (malware) detection system based on minimum behavior is implemented; it dynamically captures system calls, constructs the malware signature by extracting the definition-use (def-use) relations between system calls, and then detects malware using a chi-square test algorithm. Compared with the method based on API frequency, the proposed method has a higher true positive fraction and a lower false positive fraction.
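The pipeline the abstract outlines can be sketched as follows. This is an added illustration, not the paper's implementation: the trace format, the benign baseline shares, and the use of Pearson's chi-square statistic against a fixed critical value are all assumptions made for the example.

```python
from collections import Counter

# Constructed sample trace: (API name, handles used, handle defined).
TRACE = [
    ("CreateFileW", (), "f1"), ("RegOpenKeyExW", (), "k1"),
    ("ReadFile", ("f1",), None), ("RegSetValueExW", ("k1",), None),
    ("RegOpenKeyExW", (), "k2"), ("CloseHandle", ("f1",), None),
    ("RegSetValueExW", ("k2",), None), ("RegCloseKey", ("k1",), None),
    ("RegCloseKey", ("k2",), None),
]

# Assumed benign baseline: expected share of each sub-behavior (hypothetical values).
BENIGN_PROFILE = {
    ("CreateFileW", "ReadFile", "CloseHandle"): 0.6,
    ("RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"): 0.3,
    "OTHER": 0.1,  # any sub-behavior not present in the baseline
}
CRITICAL_95_DF2 = 5.991  # chi-square critical value, alpha = 0.05, 2 degrees of freedom


def sub_behaviors(trace):
    """Link calls through def-use of handles: one API tuple per resource."""
    chains = {}
    for api, uses, defines in trace:
        # A call belongs to the resource it defines and to every resource it uses.
        for handle in ([defines] if defines else []) + list(uses):
            chains.setdefault(handle, []).append(api)
    return [tuple(calls) for calls in chains.values()]


def chi_square_score(chains, profile=BENIGN_PROFILE):
    """Pearson chi-square of observed sub-behavior counts against the baseline."""
    observed = Counter(c if c in profile else "OTHER" for c in chains)
    total = sum(observed.values())
    if total == 0:
        return 0.0
    return sum((observed[k] - total * p) ** 2 / (total * p)
               for k, p in profile.items())


def is_anomalous(trace):
    """Flag a trace whose sub-behavior distribution deviates from the baseline."""
    return chi_square_score(sub_behaviors(trace)) > CRITICAL_95_DF2
```

With only three resources the expected counts are far too small for the chi-square approximation to be reliable; the sample is sized for readability, and a real trace would contribute many more chains.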
