Abstract:
Malware poses a major security risk to the Internet today, and much research has therefore concentrated on detecting it. Many current malware detection methods struggle to detect new malware samples effectively: they can identify known malware samples but not new variants. Therefore, a malware detection method based on ontology and a family graph was proposed. First, the behavior information of malicious samples is extracted by configuring the Cuckoo sandbox; the generated report is then cleaned and used to construct a malware behavior description graph. Finally, a family behavior description graph is constructed by graph clustering of the behavior of known malware families. All the information in the resulting behavior description graphs is used to construct the malware domain ontology according to the ontology construction rules, so that the behavior ontology of individual malware samples and the behavior ontology of each family after graph clustering are described respectively. In this way, malware is detected and classified. The experimental results show that this approach is effective and more accurate than other existing approaches.
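As an added illustration, not the paper's code, the pipeline the abstract sketches on constructed Cuckoo-style records in place of real sandbox reports: argument cleaning, a per-sample behavior description graph, a family graph, and overlap-based classification of an unseen variant. The family graph here is a weighted union of edges standing in for the paper's graph clustering, the `(process, api, argument)` record shape and the sample names are assumptions, and the ontology step is not modelled.

```python
import re
from collections import Counter

# Constructed, stripped-down Cuckoo-style records (not real sandbox output): (process, api, argument) per call.
REPORTS = {
    "famA_1": [("a.exe", "CreateFileW", "C:\\Users\\bob\\AppData\\Roaming\\x1.dat"),
               ("a.exe", "RegSetValueExW", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x1"),
               ("a.exe", "InternetOpenUrlA", "http://203.0.113.5/a?id=7")],
    "famA_2": [("a.exe", "CreateFileW", "C:\\Users\\alice\\AppData\\Roaming\\x2.dat"),
               ("a.exe", "RegSetValueExW", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x2"),
               ("a.exe", "InternetOpenUrlA", "http://203.0.113.9/a?id=8")],
    "famB_1": [("b.exe", "CreateFileW", "C:\\Users\\bob\\Documents\\report.docx"),
               ("b.exe", "CryptEncrypt", "C:\\Users\\bob\\Documents\\report.docx"),
               ("b.exe", "DeleteFileW", "C:\\Users\\bob\\Documents\\report.docx")],
}
FAMILIES = {"famA": ["famA_1", "famA_2"], "famB": ["famB_1"]}
# Constructed unseen variant: famA behaviour plus one API call no family sample made.
NEW_SAMPLE = [("a.exe", "CreateFileW", "C:\\Users\\carol\\AppData\\Roaming\\x9.dat"),
              ("a.exe", "RegSetValueExW", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x9"),
              ("a.exe", "InternetOpenUrlA", "http://203.0.113.77/a?id=42"),
              ("a.exe", "VirtualAlloc", "0x400000")]

def clean(arg):
    """Data cleaning: strip sample-specific noise so variants share edges."""
    arg = re.sub(r"c:\\users\\[^\\]+", r"c:\\users\\<user>", arg.lower())
    return re.sub(r"\d+", "<n>", arg)  # counters, ids, IP octets, addresses

def behavior_graph(records):
    """Behavior description graph of one sample: set of (proc, api, resource) edges."""
    return {(proc, api, clean(arg)) for proc, api, arg in records}

def family_graph(sample_ids):
    """Family graph: edge -> fraction of the family's samples carrying it (weighted union, an assumption)."""
    counts = Counter(e for sid in sample_ids for e in behavior_graph(REPORTS[sid]))
    return {e: c / len(sample_ids) for e, c in counts.items()}

def classify(records, threshold=0.5):
    """Assign a sample to the family whose graph it overlaps most (weighted Jaccard)."""
    g = behavior_graph(records)
    best, best_score = "unknown", 0.0
    for fam, ids in FAMILIES.items():
        fg = family_graph(ids)
        shared = sum(w for e, w in fg.items() if e in g)
        total = sum(fg.values()) + len(g - set(fg))  # family mass + novel sample edges
        score = shared / total if total else 0.0
        if score > best_score:
            best, best_score = fam, score
    if best_score < threshold:
        best = "unknown"
    return best, round(best_score, 3)
```

`classify(NEW_SAMPLE)` returns `('famA', 0.75)`: after cleaning, the variant shares all three famA edges and adds one novel edge, which is the variant-level match that exact indicator lists miss.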