Multiple Trajectories Feature Detection Technology Based on Data Mining
Abstract
The behavior features that existing malware detection relies on are one-dimensional, which makes malware difficult to detect. We therefore divide behavior into categories to build a multidimensional malicious-behavior database consisting of file operations, network access and memory access. In the construction process, we improve the PrefixSpan data mining algorithm into Prefixspan-x. Prefixspan-x adds an automatic machine query function for frequent sequences and discards the frequent sequences that do not satisfy the condition. We use this model for dynamic interception and malware detection. This overcomes the problem that a static model cannot detect packing and obfuscation. Experimental results show that the proposed feature detection technology has high accuracy and a low false negative rate.
Keywords
Behavioral Trajectories, Data Mining, Prefixspan-x, Signature, Threshold
DOI
10.12783/dtcse/aice-ncs2016/5735