
Computer Engineering (计算机工程) ›› 2012, Vol. 38 ›› Issue (2): 129-131. doi: 10.3969/j.issn.1000-3428.2012.02.041

• Security Technology •

Malicious Code Detection Method Based on Behavioral Characteristics

左黎明,汤鹏志,刘二根,徐保根   

  1. (School of Basic Science, East China Jiaotong University, Nanchang 330013, China)
  • Received: 2011-04-20 Online: 2012-01-20 Published: 2012-01-20
  • About the authors: ZUO Li-ming (born 1981), male, lecturer, master's degree, CCF member; main research interests: network and information security, nonlinear system design. TANG Peng-zhi, LIU Er-gen and XU Bao-gen are professors.
  • Funding:
    National Natural Science Foundation of China (11061014); Youth Science Fund of the Jiangxi Provincial Department of Education (GJJ10129); Research Fund of the Jiangxi Provincial Department of Education (GJJ10708)

Malicious Code Detection Method Based on Behavior Characteristic

ZUO Li-ming, TANG Peng-zhi, LIU Er-gen, XU Bao-gen   

  1. (School of Basic Science, East China Jiaotong University, Nanchang 330013, China)
  • Received:2011-04-20 Online:2012-01-20 Published:2012-01-20

Abstract (translated from the Chinese): This paper studies a malicious code detection model based on behavioral characteristics and its implementation, and analyzes the key techniques involved. A custom behavioral-feature encoding template is used to match malicious code; two successful matches within a short period are taken as the criterion for judging code to be malicious, and the information-theoretic characteristics of the two malicious behaviors are analyzed using the maximum entropy principle. Experimental results show that the method has low false positive and false negative rates for virus detection and can effectively defend against unknown malicious code.

Keywords (translated from the Chinese): data security, malicious code, behavioral characteristics, virus detection, maximum entropy

Abstract: This paper studies a detection model for malicious code based on the characteristics of malicious behaviors, and analyzes the key techniques in its realization. The method uses a custom encoding of malicious behavior for matching and takes two matched malicious behaviors within a short period as the decision criterion; the information entropy characteristics of the two malicious behaviors are analyzed by the maximum entropy principle. Experimental results show that the method works in most cases of detection and has only minor errors in a few conditions, and that it has very positive significance for unknown malicious code detection.
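The abstract describes the decision rule at a high level only: observed behaviors are encoded against a feature template, and a process is judged malicious when two template matches occur within a short period. The following is an added illustration of that rule, not code from the paper or its authors. The one-letter behavior codes, the three templates, the 10-second window and the event log are all constructed here for demonstration; the paper's maximum-entropy analysis of the two matched behaviors is not reproduced.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical behavior-feature encoding: each observed action maps to one code letter.
# The paper uses a custom template; these names and letters are constructed for the example.
BEHAVIOR_CODES = {
    "read_user_file": "R",
    "write_system_dir": "W",
    "set_autorun_key": "A",
    "inject_remote_process": "I",
    "open_network_socket": "N",
    "delete_self": "D",
}

# Hypothetical templates: a template matches when its code letters appear, in order,
# as a subsequence of the encoded behavior trail of a single process.
TEMPLATES = {
    "persist_and_spread": "WA",
    "inject_and_beacon": "IN",
    "drop_and_vanish": "WD",
}


@dataclass
class Event:
    ts: float    # seconds since monitoring started
    pid: int
    action: str  # key of BEHAVIOR_CODES (unknown actions are ignored)


def is_subsequence(template: str, trail: str) -> bool:
    """True if every letter of `template` occurs in `trail` in the same order."""
    it = iter(trail)
    return all(letter in it for letter in template)


class BehaviorDetector:
    """Flags a process once two template matches fall within `window` seconds of each other."""

    def __init__(self, templates=TEMPLATES, window: float = 10.0):
        self.templates = templates
        self.window = window
        self.trails = defaultdict(str)          # pid -> encoded behavior trail
        self.matched = defaultdict(set)         # pid -> templates already matched
        self.match_times = defaultdict(list)    # pid -> timestamps of each match

    def observe(self, ev: Event):
        code = BEHAVIOR_CODES.get(ev.action)
        if code is None:
            return None                          # action not covered by the encoding template
        self.trails[ev.pid] += code
        # Count each template only the first time it becomes matched for this process,
        # otherwise every later event would re-trigger an already-satisfied template.
        new_matches = [name for name, tpl in self.templates.items()
                       if name not in self.matched[ev.pid]
                       and is_subsequence(tpl, self.trails[ev.pid])]
        if not new_matches:
            return None
        self.matched[ev.pid].update(new_matches)
        times = self.match_times[ev.pid]
        times.extend([ev.ts] * len(new_matches))  # one entry per newly matched template
        recent = [t for t in times if ev.ts - t <= self.window]
        if len(recent) >= 2:                      # the paper's "two matches in a short period" rule
            return {"pid": ev.pid, "ts": ev.ts, "templates": sorted(self.matched[ev.pid])}
        return None


def run_detector(events, templates=TEMPLATES, window: float = 10.0):
    """Replay an event log in timestamp order and return the alerts raised."""
    det = BehaviorDetector(templates, window)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        alert = det.observe(ev)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log: pid 100 matches two templates 2.5 s apart (alert);
# pid 200 matches two templates 58 s apart, outside the 10 s window (no alert).
SAMPLE_EVENTS = [
    Event(0.0, 100, "read_user_file"),
    Event(1.0, 100, "write_system_dir"),
    Event(2.5, 100, "set_autorun_key"),        # persist_and_spread matched at 2.5
    Event(4.0, 100, "inject_remote_process"),
    Event(5.0, 100, "open_network_socket"),    # inject_and_beacon matched at 5.0 -> alert
    Event(0.5, 200, "write_system_dir"),
    Event(3.0, 200, "set_autorun_key"),        # persist_and_spread matched at 3.0
    Event(60.0, 200, "inject_remote_process"),
    Event(61.0, 200, "open_network_socket"),   # second match at 61.0, too late to pair
]

if __name__ == "__main__":
    for alert in run_detector(SAMPLE_EVENTS):
        print(alert)
```

The window length is the tuning knob the abstract's false positive and false negative rates turn on: widening it to 60 seconds makes pid 200 alert as well, which is the trade-off a deployment would have to measure on its own benign baseline.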

Key words: data security, malicious code, behavior characteristic, virus detection, maximum entropy
