Journal of Computer Applications (计算机应用) ›› 2010, Vol. 30 ›› Issue (07): 1767-1770.

• Information Security •

Generation of malicious behavior specifications based on system call traces

孙晓妍¹, 祝跃飞¹, 黄茜², 郭宁³

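    1. Department 7, Institute of Information Engineering, PLA Information Engineering University
    2. Institute of Information Engineering, PLA Information Engineering University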
    3.
  • Received: 2010-01-26 Revised: 2010-03-07 Online: 2010-07-01 Published: 2010-07-01
  • Corresponding author: 孙晓妍

Generation of system malicious behavior specification based on system call trace

  • Received:2010-01-26 Revised:2010-03-07 Online:2010-07-01 Published:2010-07-01

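Abstract: In research on malicious code, the automatic generation of malicious behavior specifications remains a difficult problem. Among methods that generate malicious behavior specifications from system call traces, the existing graph representation generates specifications by mining minimal contrast subgraphs, and its worst-case time complexity reaches O(N!). This paper studies the automatic generation of malicious code specifications. To reduce the complexity of automatic specification generation, it proposes a method for transforming program call trace sequences into a graph representation model, so that the final graph has fewer nodes and unique node labels, and the worst-case time complexity of malicious behavior specification generation is O(N^2).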

Keywords: malicious behavior, specification, call trace, minimal contrast subgraph

Abstract: In the study of malicious code, the automatic generation of malicious behavior specifications is still a difficult problem. In generating malicious behavior specifications from system call traces, the existing graph representation uses minimal contrast subgraph mining to generate the specification, but its worst-case time complexity reaches O(N!). This paper studies the automatic generation of malicious code specifications. To reduce the complexity of specification generation, it proposes a method for transforming program call traces into a graph representation so that the number of nodes in the final graph is reduced and each node label is unique, and the worst-case time complexity of specification generation is O(N^2).

Key words: Malicious behavior, Specification, System Call Trace, Minimal Contrast Subgraph