Behavior-based malicious code detection is the development direction of anti-virus techniques. However, current detection methods built on this theory have several problems, such as unclear behavior sequence analysis and high false negatives. To address this, this paper proposes a malicious code detection method based on least-squares estimation. The method correlates program behaviors by time and by subject-object, and from these constitutes an accurate and complete behavior sequence, which provides a preprocessing step for the subsequent detection. To improve the accuracy and intelligence of malicious code detection, we introduce the concept of expert subjective degree.
By modeling malicious samples with least-squares estimation, we can train the Expert Subjective Degree Vector (ESDV) and simulate experts judging the threat values of malicious code. Experiments show that this method is more accurate than current approaches at detecting malicious code that executes in sub-period and sub-process ways, so it can be used as an effective complement to current anti-virus software.