摘要 |
A malicious program detection method and device. The method comprises: obtaining an application programming interface (API) called by a user program, and inserting in the API a first aspect-oriented programming (AOP) aspect (101); when the API is called by the user program and operates, collecting, via the first AOP aspect, operation context information of the API (102); determining, according to the operation context information, whether the API is an unauthorized API (103); and determining, according to a determination result, whether the user program is a malicious program (104). The malicious program detection method and device decrease detection difficulty and realize an effective detection for detecting a malicious program. |