Research and implementation of obtaining malicious code behavior

Based on the analysis and comparison of the malicious code static analysis and dynamic analysis methods, the authors designed and implemented a module through putting forward a combination of virtual machine technology and Windows operating system which had its own debugging function to obtain the behavior of malicious code, the module could automatically operate a virtual machine to run a monitoring program to obtain the behavior of malicious code, and got behavior feature by features weight algorithm based on information gain.