Authors: Yingxu Lai; Zenghui Liu; Tao Ye
Addresses: College of Computer Science, Beijing University of Technology, Beijing 100124, China; Automation Engineering Institute, Beijing Polytechnic, Beijing 100176, China; Qinghai University for Nationalities, Xining 810007, China
Abstract: This paper proposes a software behaviour analysis method based on behaviour templates (SABT) which, according to the context of the source code, builds a behaviour template from a function transfer map and minimum function blocks in order to detect malicious software behaviour. Many existing methods use a state transfer diagram to build the software behaviour model. Our method is instead based on the correspondence between functions and system call sequences, which ensures the accuracy of malicious behaviour detection. Compared with traditional methods such as N-gram, FSA, and Var-gram, SABT achieves a higher code coverage rate and detects abnormal behaviour more effectively and efficiently.
Keywords: software behaviour; software interrupt; behaviour template; minimum function block.
International Journal of Simulation and Process Modelling, 2018 Vol.13 No.2, pp.126 - 134
Received: 06 Nov 2015
Accepted: 17 Mar 2016
Published online: 14 May 2018