ABSTRACT
In this paper, the Bochs virtual machine is used to acquire the behavior of code, which provides the basis for modeling the behavior of malicious code.
2 ANALYSIS OF THE PROGRAM BEHAVIOR ACQUISITION METHOD
At present, the main methods for monitoring the behavior of running malicious code can be divided into three types: the environmental comparison method, the debug method, and the system call monitoring method.