This paper puts forward one kind of behavioral characteristic extraction and detection method of malicious code based on semantic; it extracts the key behavior and dependence relations among behaviors by combining with stain spread analysis in command layer and semantic analysis in behavior layer. And then it uses anti-confusion engine identification semantic irrelevance and semantic equivalence behavior to obtain malicious code behavior characteristic with certain capacity of resisting disturbance, as well as realize characteristic extraction and detection on prototype system. It completes experimental demonstration on this system through analysis and detection on plenty of malicious code samples. The test result indicates that extraction characteristic based on the above methods has characteristic such as stronger capacity of resisting disturbance etc., detection based on this characteristic has better identification ability for malicious code.

• 出版日期2017-10
• 单位中北大学; 武汉大学