In specific private cloud scenarios, how to defend against malicious software and ensure data security is one of the current research hotspots, and sandbox is an important detection method. This paper proposes a dynamic behavior detection technique based on sandboxing, which real-time monitors and analyzes malicious software behavior. By improving the sandbox behavior weight, integrating virtual resources, and designing fine-grained access control, the detection accuracy and efficiency are enhanced based on zero trust access control system. The simulated attacks are identified on the testing platform, drawing knowledge graphs, achieving effective discovery and tracing. Meanwhile, this paper verified through experiments that the system consumption of the detection method is within an acceptable range, expanding the detection range and reducing the missed detection rate.