Model for software behaviour detection based on process algebra and system call

Behaviour detection models based on automata have been studied widely. By adding edge ε, the local automata are combined into global automata to describe and detect software behaviour. However, these methods introduce nondeterminacy, leading to models that are imprecise or inefficient. We present a model of software Behaviour Detection based on Process Algebra and system call (BDPA). In this model, a system call is mapped into an action, and a function is mapped into a process. We construct a process expression for each function to describe its behaviour. Without constructing automata or introducing nondeterminacy, we use algebraic properties and algorithms to obtain a global process expression by combining the process expressions derived from each function. Behaviour detection rules and methods based on BDPA are determined by equivalence theory. Experiments demonstrate that the BDPA model has better precision and efficiency than traditional methods.