Research And Implementation Of Malicious Code Detection System Based On Behavior Analysis

Posted on: 2015-02-16; Degree: Master; Type: Thesis
Country: China; Candidate: N Wu; Full Text: PDF
GTID: 2298330422978044; Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet and the deepening informatisation of social life, people increasingly rely on the ease and convenience brought by the Internet. At the same time, malicious code also continues to develop. Profit motives have driven the emergence of a black-market chain, which has greatly accelerated the production and propagation of malicious code. To avoid being harmed by malicious code, the detection of malicious code has become very meaningful.

Currently there are still many deficiencies in behavioral analysis technology for malicious code; this paper focuses on two of them. First, the multiple execution paths method has the problem of low path coverage. Second, previous feature extraction and representation based on system calls took only a single system call as a feature. This representation ignores the sequential relationship between adjacent system calls, although the sequence information between adjacent system calls has a positive effect on behavior determination.

This paper attempts to solve the above deficiencies. The main work is as follows:

(1) This paper presents a multiple execution paths method based on high statement coverage, used to improve the path coverage.
(2) This paper presents a representation and extraction method that takes partially ordered system calls as a feature, in order to emphasize the relationship between adjacent system calls.
(3) Study the principle of the support vector machine and its application in malicious code detection.
(4) Complete the design and initial implementation of a malicious code detection system based on behavioral analysis, and verify the validity of the two methods proposed by this paper.
Keywords/Search Tags: malicious code, multiple execution paths, system call, support vector machine