Abstract: Three methods of distilling program behavior were introduced, and program behavior was distilled and analyzed in LKM. System call arguments were analyzed in terms of the length distribution of character strings, the characteristic distribution of character strings, and special system call arguments, which enriches the techniques for analyzing program behavior and improves the accuracy of detecting program anomalies.
ZHU Guo-qiang (朱国强), LIU Zhen (刘真), LI Zong-bo (李宗伯). Analyses and research of the program behavior in computer system [J]. Journal of Computer Applications (计算机应用), 2005, 25(12): 2739-2741.