Dynamic program behavior model based on layered dependencies

It is effective to ensure the credibility of program to monitor the real-time status in the whole process when the program is been executed. Aiming at the problem of high convexity of feature extracting and interaction between false positive and false negative rate in current study, this paper proposed one kind of program behaviour model based on the dependencies. It constituted variable-length system call sequences according to the sifting and relevance analysing of system calls generated from running program. We can get the feature sequence through layered analysing, aggregation and simplification. Experiments on the selected samples show that the model is feasible and has better control on false positive and false negative rate.