The malicious software detection based on characteristics matching cannot find unknown malicious software and the origin of harms. To solve this problem, a method is proposed to detect malicious software according to the subject-object association. It uses SSDT HOOK technology to monitor the software behaviors and records those into logs. To improve the accuracy of detection, it proposes a risk assessment algorithm. First it does the subject-object behavior association in logs, and then makes the risk assessment for every subject to find the origin of harms.
展开▼
