Software behaviour analysis method based on behaviour template

This paper proposes a software behaviours analysis method based on behaviour template (SABT), which according to the context of source code, builds a behaviour template to detect software malicious behaviour based on function transfer map and minimum function blocks. In the present research, many methods used state transfer diagram to build software behaviour model. Our method is based on the corresponding relationship between the functions and system call sequence, which ensures the accuracy of the malicious behaviour detection. Compared with traditional methods, such as N-gram, FSA, and Var-gram, SABT can get higher cover rate of code and detect abnormal behaviour more effectively and efficiently.