Program anomaly detecting approach based on behaviors analysis
一种基于行为分析的程序异常检测方法

For the purpose of protecting system resource, process behaviors anomaly at runtime was analyzed and summarized, and a program anomaly detection approach was put forward based on behaviors analysis. By setting check-points on running system, API hook under user-mode was used to detect process behaviors on operating resources, and Bayes algorithm was used to estimate the validity of program behaviors. An alarm would be given when detecting anomaly.