关键词: 模型检测，克里普克结构，控制流，系统状态，标记函数

Abstract: Malware detection is an important part of information security technology. The detection based on program behavior characteristics can remedy the limits of binary signature detection method. Model checking technology can verify a program's specific behavior property, which requires a model for the target program, in order to obtain a transition system which is coincident with Kripke structure. Current model checking technology and Kripke structure were thoroughly analyzed, and then the method of generating Kripkc structure was proposed, which is based on the full control flow information and greed strategy. I}he generated transition system can fully represent the control flow information and describe the changes of target system status.

Key words: Model checking, Kripke structure, Control flow, System status, Lable function