ABSTRACT

In this paper, the Bochs virtual machine is used to acquire the runtime behavior of a program, which provides the basis for modeling the behavior of malicious code.

2 ANALYSIS OF THE PROGRAM BEHAVIOR ACQUISITION METHOD

At present, the main methods for monitoring the behavior of running malicious code fall into three types: the environmental comparison method, the debugging method, and the system call monitoring method.
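As an added illustration of the first of these approaches (not code from the paper), the environmental comparison method takes a snapshot of the observable system state before a sample runs, another after it finishes, and reports the difference. The example below restricts "system state" to a directory tree hashed with SHA-256; the file names, the seeded contents and the `fake_sample` function that stands in for the program under analysis are all constructed for this example.

```python
"""Environmental comparison: snapshot a sandbox directory before and after
a sample runs, then diff the two snapshots. The sample below is a constructed
stand-in (it drops a file, appends to one and deletes another), not malware."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            with open(path, "rb") as f:
                state[rel] = hashlib.sha256(f.read()).hexdigest()
    return state


def diff_snapshots(before, after):
    """Classify every path as created, deleted or modified between snapshots."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys()
                      if before[p] != after[p])
    return {"created": created, "deleted": deleted, "modified": modified}


def fake_sample(root):
    """Constructed stand-in for the program under analysis (hypothetical)."""
    with open(os.path.join(root, "dropped.exe"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 62)            # drop a new file
    with open(os.path.join(root, "hosts"), "ab") as f:
        f.write(b"127.0.0.1 update.example.test\n")  # modify an existing file
    os.remove(os.path.join(root, "readme.txt"))       # delete a file


def run_comparison(sample=fake_sample):
    """Seed a throwaway environment, run the sample in it, return the diff."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "hosts"), "wb") as f:
            f.write(b"127.0.0.1 localhost\n")
        with open(os.path.join(root, "readme.txt"), "wb") as f:
            f.write(b"hello\n")
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "sub", "keep.dat"), "wb") as f:
            f.write(b"unchanged\n")              # control file, must not appear
        before = snapshot(root)
        sample(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in run_comparison().items():
        print(kind, paths)
```

The comparison only reveals the net effect of the run: a file that is written and then deleted before the second snapshot, a network connection, or an injected thread leaves no trace in the diff. That blind spot is what motivates the debugging and system call monitoring methods, which observe actions as they happen rather than their residue.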