
Computer Engineering (计算机工程) ›› 2011, Vol. 37 ›› Issue (24): 1-3. doi: 10.3969/j.issn.1000-3428.2011.24.001

• Doctoral Dissertation Paper •

A Malicious Behavior Detection Method Based on Sequential Pattern Discovery

王新志,孙乐昌,张 旻,陈 韬   

  1. (Network Department, PLA Electronic Engineering Institute, Hefei 230037)
  • Received: 2011-07-08 Online: 2011-12-20 Published: 2011-12-20
  • About the authors: WANG Xin-zhi (born 1978), male, Ph.D. candidate, research interests: trusted computing, network security; SUN Le-chang and ZHANG Min, professors; CHEN Tao, master's student
  • Funding:
    National Natural Science Foundation of China (60972161)

Malicious Behavior Detection Method Based on Sequential Pattern Discovery

WANG Xin-zhi, SUN Le-chang, ZHANG Min, CHEN Tao   

  1. (Network Department, Electronic Engineering Institute, Hefei 230037, China)
  • Received: 2011-07-08 Online: 2011-12-20 Published: 2011-12-20

Abstract: To guard effectively against metamorphic viruses and newly emerging malware, a static malicious behavior detection method based on sequential pattern discovery is proposed. Malicious code is converted into assembly code and preprocessed; an Apriori-like algorithm is used to perform sequential pattern discovery, and normal patterns are removed to obtain a pattern set usable for detecting unknown malicious code. Experimental results show that the method has a high accuracy rate and a low false negative (miss) rate.

Key words: malicious behavior detection, sequential pattern discovery, software behavior, assembly instruction, static detection

Abstract: To prevent metamorphic viruses and new malware effectively, a static detection method based on data mining is proposed and its key techniques are discussed. Malware code is disassembled and preprocessed into sequential data; an Apriori-like algorithm is used to discover sequential patterns and remove normal patterns, and the resulting pattern set can be used to detect unknown malware. Experimental results show that the method has a high accuracy rate and a low false positive rate.

Key words: malicious behavior detection, sequential pattern discovery, software behavior, assembly instruction, static detection
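The pipeline the abstract describes (mnemonic sequences, Apriori-like level-wise mining, removal of patterns that are also common in benign code, detection with what remains), as an added illustration that is not the authors' code. The mnemonic sequences are constructed toys rather than real disassembly, and the contiguous-pattern join step, the thresholds and the minimum pattern length are simplifying assumptions of this example.

```python
"""Apriori-like sequential pattern discovery over assembly mnemonics (illustration)."""
from typing import List, Sequence, Set, Tuple

Pattern = Tuple[str, ...]

# Constructed toy samples: each is a preprocessed mnemonic sequence, not real disassembly.
MALICIOUS = [
    ["push", "mov", "call", "xor", "loop", "jmp", "ret"],
    ["mov", "push", "call", "xor", "loop", "jnz", "ret"],
    ["push", "call", "xor", "loop", "mov", "ret"],
]
BENIGN = [
    ["push", "mov", "call", "ret"],
    ["mov", "add", "push", "call", "pop", "ret"],
    ["push", "mov", "cmp", "jnz", "call", "ret"],
]

def contains(seq: Sequence[str], pat: Pattern) -> bool:
    """True if pat occurs as a contiguous run inside seq (assumed pattern model)."""
    k = len(pat)
    return any(tuple(seq[i:i + k]) == pat for i in range(len(seq) - k + 1))

def support(pat: Pattern, samples: List[List[str]]) -> float:
    """Fraction of samples that contain the pattern."""
    return sum(contains(s, pat) for s in samples) / len(samples)

def mine_patterns(samples: List[List[str]], min_sup: float, max_len: int) -> Set[Pattern]:
    """Level-wise Apriori mining: a k-pattern is only a candidate if the
    (k-1)-patterns it is joined from are frequent (support is anti-monotone)."""
    frequent: Set[Pattern] = set()
    level = {(m,) for s in samples for m in s}
    level = {p for p in level if support(p, samples) >= min_sup}
    k = 1
    while level and k < max_len:
        frequent |= level
        # Join step: (a1..ak) and (a2..ak, b) -> (a1..ak, b); then prune by support.
        candidates = {a + (b[-1],) for a in level for b in level if a[1:] == b[:-1]}
        level = {c for c in candidates if support(c, samples) >= min_sup}
        k += 1
    return frequent | level

def build_detector(malicious, benign, min_sup=0.6, normal_sup=0.3, max_len=3, min_len=2):
    """Patterns frequent in malware minus 'normal' patterns common in benign code.
    Single mnemonics are dropped because they carry no sequence information."""
    mal = mine_patterns(malicious, min_sup, max_len)
    return {p for p in mal if len(p) >= min_len and support(p, benign) < normal_sup}

def is_suspicious(seq: Sequence[str], detectors: Set[Pattern]) -> bool:
    """Flag an unknown sample if any surviving malicious pattern occurs in it."""
    return any(contains(seq, p) for p in detectors)
```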

CLC number: