Abstract: In the field of network security, the threat of malicious code is an unavoidable topic. How to quickly detect malicious code, and how to prevent and reduce the harm it causes, has always been an urgent problem. This paper proposes a malicious code detection method based on a behavior relation network. First, a behavior report is obtained by executing the sample in a sandbox. A behavior relation network is then constructed by extracting three kinds of behavior records from the report: the sample's API calls, registry accesses, and file read and write operations. The constructed network contains four types of nodes: "PE", "API", "Registry" and "File". A metagraph-based method is then used to calculate the similarity matrix between samples, and finally a Support Vector Machine (SVM) model with a custom-defined kernel is used for training and prediction. Experimental results show that the proposed method achieves a classification accuracy of 95.5% and can effectively detect malicious code.
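The pipeline outlined in the abstract, sketched as an added example that is not code from the paper: it builds the four-node-type network from sandbox-style records and derives a sample-to-sample similarity matrix from metagraph instance counts. The sample records, the choice of metagraphs and the cosine normalisation are assumptions, since the abstract does not specify them.

```python
from math import prod, sqrt

# Constructed sandbox records (not from the paper): PE -> {node type -> observed nodes}.
REPORTS = {
    "sample_a": {"API": {"CreateFileW", "WriteFile", "RegSetValueExW"},
                 "Registry": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
                 "File": {r"C:\Users\u\AppData\Roaming\svc.exe"}},
    "sample_b": {"API": {"CreateFileW", "WriteFile", "RegSetValueExW", "Sleep"},
                 "Registry": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
                 "File": {r"C:\Users\u\AppData\Roaming\svc.exe"}},
    "sample_c": {"API": {"CreateFileW", "ReadFile"},
                 "Registry": {r"HKCU\Software\Vendor\App"},
                 "File": {r"C:\Users\u\Documents\notes.txt"}},
}

# Assumed metagraphs: each tuple lists the node types two PEs must share at once.
METAGRAPHS = [("API",), ("Registry",), ("File",), ("API", "Registry", "File")]

def build_network(reports):
    """Edges of the heterogeneous network: (PE node, (type, behavior node))."""
    return {(pe, (ntype, node)) for pe, rec in reports.items()
            for ntype, nodes in rec.items() for node in nodes}

def neighbours(edges, pe, ntype):
    return {n for p, (t, n) in edges if p == pe and t == ntype}

def instances(edges, a, b, metagraph):
    """Metagraph instances linking a and b: one shared node per listed type."""
    return prod(len(neighbours(edges, a, t) & neighbours(edges, b, t))
                for t in metagraph)

def similarity(edges, a, b):
    """Mean cosine-normalised instance count over all metagraphs."""
    total = 0.0
    for mg in METAGRAPHS:
        norm = sqrt(instances(edges, a, a, mg) * instances(edges, b, b, mg))
        total += instances(edges, a, b, mg) / norm if norm else 0.0  # no records of a type
    return total / len(METAGRAPHS)

def similarity_matrix(reports):
    edges, names = build_network(reports), sorted(reports)
    return names, [[similarity(edges, a, b) for b in names] for a in names]

if __name__ == "__main__":
    names, matrix = similarity_matrix(REPORTS)
    for name, row in zip(names, matrix):
        print(name, [round(v, 3) for v in row])
```

Each per-metagraph term is a normalised product of set-intersection kernels, so the averaged matrix is symmetric and positive semidefinite and can be handed to an SVM as a precomputed kernel, for example scikit-learn's `SVC(kernel="precomputed")`.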