The　existing　malicious　code　detection　algorithms　which　are　based　on　individual　behaviors　have　some　drawbacks.　In　this　paper　we　present　a　new　malicious　code　detection　algorithm　based　on　behavior　characteristics　by　importing　improved　attack　tree　model　to　describe　the　entity　relationships　during　the　malicious　code　execution　time.　It　is　named　IBC-DA.　The　experiments　result　shows　that　the　proposed　algorithm　works　in　most　cases　of　detection　and　only　has　minor　errors　in　few　conditions.　This　algorithm　has　very　positive　sense　for　unknown　malicious　code　detection.