With the rapid development of science and technology, people are also increasingly relying on computers and the Internet. For a wide variety of purposes, people with bad intentions can hack the servers/computers on the Internet through system vulnerabilities or malicious programs to steal data or crash the system.
To deal with these hacking behaviors, the current prior art adopts the detection mechanism of signature-based or static features for protection. However, these detection mechanisms are based on the pre-determined signatures or static features to determine the abnormal behavior of the program operation, so the detection means are limited to a fixed form and difficult to resist the malicious programs with confusion features. In addition, dynamic analysis is often limited by the Sandbox environment settings. Therefore, when the malware's behavior sequence varies in length and is impure, it is hard to find a general feature pattern as a basis for judging the abnormal behavior of the program.
In view of the above, how to establish an abnormal behavior detection model that does not depend on predetermined signatures or static features and is not affected by different Sandbox environment settings is urgent needed for the industry.