With the explosive growth of network applications, the threat that malicious code poses to network security is becoming increasingly serious. Malicious code has become a new breed of Internet threat that cannot be efficiently controlled by conventional antivirus software alone. As modern malware grows in sophistication and in its methods of hiding malicious code to evade detection, effective detection of malware becomes more and more difficult. In this paper we explore the mechanisms of malicious code using static and dynamic analysis methods, extract the malware file information, string dump, import function table, system process and network behaviors, and focus on an initial analysis of the critical techniques for detecting malicious code. Afterwards, by mining the undocumented data structures in the Windows system, three detection methods are provided. API calling sequences and calling arguments are extracted based on the Windows Detours library. The simulation results illustrate the effectiveness of the methods addressed in the paper.