To　overcome　the　shortcoming　of　traditional　methods　in　feature　extraction,　unknown　malicious　codes　detection　based　on　the　Lempel-Ziv-Welch(LZW)　compression　algorithm　was　proposed.　The　strings　were　extracted　from　file　character　flow.　The　length　of　strings　was　not　over　a　thredhold.　Then,　compression　dictionaries　of　normal　code　and　malicious　code　were　built　by　extracted　strings.　To　detect　unknown　malicious　codes,　the　normal　code　dictionary　and　malicious　code　dictionary　were　used　to　compress　a　tested　file　and　two　different　compression　ratios　were　obtained.　According　to　the　minimum　description　length(MDL)　theory,　the　authors　compared　the　two　compression　ratios　and　classified　the　tested　file　into　the　class　in　which　got　better　compression　ratio.　Experimental　results　show　that　the　method　of　unknown　malicious　code　detection　based　on　LZW　compression　algorithm　has　a　good　effect.