中文摘要：

提出了一种基于最小行为的恶意程序分析方法。最小行为，即程序运行时能够表达完整语义的最小应用程序编程接口（application programming interface，API）关联集合。实现了基于最小行为的恶意程序检测原型系统，能够动态捕获恶意程序调用的API及其参数信息，提取API调用之间的使用依赖轮廓，构建恶意程序的最小行为特征向量，利用卡方校验算法实现检测。该方法与传统的基于API频率统计的方法相比，过滤掉了大量无用信息，恶意程序的检出率更高，误检率更低。

英文摘要：

A malware detection method based on minimum behavior is proposed. Minimum behavior is de- fined as application programming interface （API） subsets which the malicious code operates on each resource at runtime. A malicious software （malware） detecting system based on minimum behavior is implemented to dy- namically capture the system calls, and construct the signature of malware by extracting the defined use （def- use） relation between systems calls, and then detect the malware using a chi-square test algorithm. Compared with the method based on the frequency of API, the proposed method has a higher true positive fraction, and the false positive fraction is lower.