Static Extracting Method of Software Intended Behavior Based on API Functions Invoking

The method of extracting and describing the intended behavior of software precisely has become one of the key points in the fields of software behavior's dynamic and trusted authentica-tion. In this paper,the author proposes a specified measure of ex-tracting SIBDS (software intended behaviors describing sets) statically from the binary executable using the software's API functions invoking,and also introduces the definition of the struc-ture used to store the SIBDS in detail. Experimental results dem-onstrate that the extracting method and the storage structure defi-nition offers three strong properties: (i) it can describe the soft-ware's intended behavior accurately; (ii) it demands a small stor-age expense; (iii) it provides strong capability to defend against mimicry attack.