Title: Software behaviour analysis method based on behaviour template

Authors: Yingxu Lai; Zenghui Liu; Tao Ye

Addresses: College of Computer Science, Beijing University of Technology, Beijing 100124, China ' Automation Engineering Institute, Beijing Polytechnic, Beijing 100176, China ' Qinghai University for Nationalities, Xining 810007, China

Abstract: This paper proposes a software behaviours analysis method based on behaviour template (SABT), which according to the context of source code, builds a behaviour template to detect software malicious behaviour based on function transfer map and minimum function blocks. In the present research, many methods used state transfer diagram to build software behaviour model. Our method is based on the corresponding relationship between the functions and system call sequence, which ensures the accuracy of the malicious behaviour detection. Compared with traditional methods, such as N-gram, FSA, and Var-gram, SABT can get higher cover rate of code and detect abnormal behaviour more effectively and efficiently.

Keywords: software behaviour; software interrupt; behaviour template; minimum function block.

DOI: 10.1504/IJSPM.2018.091693

International Journal of Simulation and Process Modelling, 2018 Vol.13 No.2, pp.126 - 134

Available online: 02 May 2018 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article