计算机应用 (Journal of Computer Applications) ›› 2010, Vol. 30 ›› Issue (4): 1048-1052.

• Information Security •

A hierarchical method for analyzing malicious code behavior

黄茜 1, 武东英 2, 孙晓妍 2

  1. College of Information Engineering, PLA Information Engineering University (解放军信息工程大学信息工程学院)
  2. Department 7, College of Information Engineering, PLA Information Engineering University (解放军信息工程大学信息工程学院七系)
  • Received: 2009-10-15  Revised: 2009-12-01  Online: 2010-04-15  Published: 2010-04-01
  • Corresponding author: 黄茜

Hierarchical method to analyze malware behavior


Abstract (translated from the Chinese): A hierarchical method for analyzing malicious code behavior is proposed. Behavior information is first obtained from the sequence of system calls made while the program runs; the behavioral intent is then analyzed and its harmfulness assessed. In the behavior detection part, a behavior detection algorithm is designed that identifies program behavior from the system call functions and their argument information. In the behavior analysis part, the harms that various malicious behaviors cause to a computer system are summarized, a harm evaluation model for malicious behavior is built on the attack tree principle, and a method for computing the harmfulness of malicious code is given.

Keywords: behavior analysis, behavior detection, Application Programming Interface (API) call sequence, hierarchical method, attack tree

Abstract: This paper proposes a hierarchical method for analyzing malware behavior. It first obtains behavior information from the system call sequence recorded while the program runs, then analyzes the behavioral intent and assesses the harm. For behavior detection, a detection algorithm is designed that uses system calls and their arguments to identify program behavior. For behavior analysis, the harms that various malicious actions cause to a computer system are summarized, an evaluation model for the harm of malicious actions is established on the basis of the attack tree, and a method for evaluating the harmfulness of the code is given.

Key words: behavior analysis, behavior detection, Application Programming Interface (API) system call, hierarchical method, attack tree
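The two-layer pipeline the abstract describes (system call sequence plus arguments to identified behaviors, then an attack tree to a harm score) is sketched below as an added illustration; it is not the paper's code, and the rule set, the attack tree, the AND/OR aggregation of leaf weights and the sample trace are all constructed assumptions, since the page does not give the authors' formula.

```python
# Constructed example, not the paper's code; the AND/OR harm aggregation is an assumption.
from dataclasses import dataclass, field
BEHAVIOUR_RULES = {  # behaviour name -> ordered subsequence of (system call, predicate on args)
    "autorun_persistence": [
        ("RegOpenKeyEx", lambda a: "CurrentVersion\\Run" in a.get("key", "")),
        ("RegSetValueEx", lambda a: a.get("data", "").lower().endswith(".exe")),
    ],
    "self_copy_to_system": [("CopyFile", lambda a: a.get("dst", "").lower().startswith("c:\\windows\\system32"))],
    "remote_connect": [("connect", lambda a: a.get("port") not in (80, 443))],
}
def detect_behaviours(trace):
    """Layer 1: names of behaviours whose rule matches the trace as an ordered subsequence."""
    found = set()
    for name, rule in BEHAVIOUR_RULES.items():
        i = 0
        for call, args in trace:
            if i < len(rule) and call == rule[i][0] and rule[i][1](args):
                i += 1  # this step of the rule is satisfied; look for the next one
        if i == len(rule):
            found.add(name)
    return found
@dataclass
class Node:  # attack tree node; leaves are behaviours carrying a harm weight
    name: str
    op: str = "LEAF"      # LEAF | AND | OR
    weight: float = 0.0   # used for leaves only
    children: list = field(default_factory=list)
def harm(node, behaviours):
    """Layer 2: a leaf scores its weight if observed; AND sums its children only when all
    are satisfied; OR takes the worst satisfied child. 0.0 means the goal is not reached."""
    if node.op == "LEAF":
        return node.weight if node.name in behaviours else 0.0
    scores = [harm(c, behaviours) for c in node.children]
    if node.op == "AND":
        return sum(scores) if all(s > 0 for s in scores) else 0.0
    return max(scores)
TREE = Node("compromise_host", "OR", children=[
    Node("persist_and_control", "AND", children=[
        Node("autorun_persistence", weight=3.0), Node("remote_connect", weight=5.0)]),
    Node("self_copy_to_system", weight=2.0),
])
def analyze(trace):
    """Return (detected behaviours, hazard score) for one system call trace."""
    b = detect_behaviours(trace)
    return b, harm(TREE, b)
SAMPLE_TRACE = [  # constructed trace, not data from the paper
    ("CopyFile", {"src": "c:\\tmp\\x.exe", "dst": "C:\\Windows\\System32\\svhost.exe"}),
    ("RegOpenKeyEx", {"key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}),
    ("RegSetValueEx", {"name": "svhost", "data": "C:\\Windows\\System32\\svhost.exe"}),
    ("connect", {"host": "198.51.100.7", "port": 6667}),
]
```

Dropping the final `connect` call from the trace leaves the AND node unsatisfied, so the score falls back to the self-copy leaf alone; this is the property that makes argument-aware sequence matching more informative than counting individual calls.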