A Malicious Code Detection Method Based on Two-dimensional Behavior Characterization

Malicious code detection algorithms based on individual behavior characterization lead to the low accuracy in detecting malware.An algorithm to detect malicious code based on two-dimensional behaviour characteristics is proposed.After static analysis for the malicious code,this algorithm gets behavior characterization from two dimensions:system call graph and function call graph,which combines the semantic and structure features to reflect the behavior characterization of the malicious code.The decision outcome is given out by using weighted majority voting algorithm and the feature advantages of the classifiers.Experimental results show that the algorithm has a much higher accuracy on the test code.