| Article ID: | iaor201111200 |
| Volume: | 55 |
| Issue: | 1-2 |
| Start Page Number: | 80 |
| End Page Number: | 86 |
| Publication Date: | Jan 2012 |
| Journal: | Mathematical and Computer Modelling |
| Authors: | Han Lansheng, Fu Cai, Zou Deqing, Lee ChangHoon, Jia Wenjing |
| Keywords: | security |
Detecting unseen illegal codes is always a challenging task. As the main action to deal with this problem, the behavior detection is unsatisfactory in both effectiveness and efficiency. This paper proposes task‐based behavior detection (TBBD) which detects new illegal codes based on the user’s task instead of only on the software behavior. First, the paper proposes three prerequisites of TBBD and four judgment rules, i.e., resource abnormal rule, relation abnormal rule, space abnormal rule and time abnormal rule. Then, by analyzing the effectiveness and comparison of the four judgment rules, we present an explicit judgment process of TBBD. Finally, the paper carries on the experiments. The test result verifies the validity and feasibility of TBBD.