To solve the problems of long detection time, poor stability, and overall performance of traditional malicious code behavior detection methods, a malicious code behavior detection method based on improved Euclidean distance is proposed. Analyze the data types of malicious code behavior and calculate the similarity matching degree of malicious code behavior; Using support vector machines to partition malicious code behavior data; Determine the redundancy of malicious code behavior data and complete data preprocessing; By performing dot multiplication on the Euclidean distance matrix and the redundancy of malicious code behavior data, malicious code behavior detection is achieved. The experimental results show that this method has fast detection speed, high accuracy and stability, and can effectively detect the behavior of malicious code to a certain extent. It has good recall rate and comprehensive indicators, which can improve the effectiveness of malicious code behavior detection.