This paper mainly analyzed the detection and defense methods of malicious code, proposed to extract features by variable-length N-gram, and used weighted IG for feature selection. Finally, the performance of naive Bayesian (NB), random forest (RF), and support vector machine (SVM) classification models was compared. The results showed that the variable-length N-gram had a good performance in feature extraction, and weighted IG was better than IG in feature selection. Furthermore, the SVM model had the best performance in classifying malicious code and normal code, with an F1 score of 0.9367 and a log loss of 0.0321, which were better than the other two models. The results verify the reliability of the proposed method in the detection and defense of malicious code, which can be further applied in practice.