As used herein a “threat” comprises malicious software, also known as “malware” or “pestware”, which comprises software that is included or inserted in a part of a processing system for a harmful purpose. The term threat should be read to comprise possible, potential and actual threats. Types of malware can comprise, but are not limited to, malicious libraries, viruses, worms, Trojans, adware, malicious active content and denial of service attacks. In the case of invasion of privacy for the purposes of fraud or theft of identity, malicious software that passively observes the use of a computer is known as “spyware”.
In a networked information or data communications system, a user has access to one or more terminals which are capable of requesting and/or receiving information or data from local or remote information sources. In such a communications system, a terminal may be a type of processing system, computer or computerised device, personal computer (PC), mobile, cellular or satellite telephone, mobile data terminal, portable computer, Personal Digital Assistant (PDA), pager, thin client, or any other similar type of digital electronic device. The capability of such a terminal to request and/or receive information or data can be provided by software, hardware and/or firmware. A terminal may comprise or be associated with other devices, for example a local data storage device such as a hard disk drive or solid state drive.
An information source can comprise a server, or any type of terminal, that may be associated with one or more storage devices that are able to store information or data, for example in one or more databases residing on a storage device. The exchange of information (ie. the request and/or receipt of information or data) between a terminal and an information source, or other terminal(s), is facilitated by a communication means. The communication means can be realised by physical cables, for example a metallic cable such as a telephone line, semi-conducting cables, electromagnetic signals, for example radio-frequency signals or infra-red signals, optical fibre cables, satellite links or any other such medium or combination thereof connected to a network infrastructure.
An entity can comprise, but is not limited to, a file, an object, a class, a collection of grouped data, a library, a variable, a process, and/or a device.
A problem faced by the computer system industry is how to identify a malicious entity in a processing system. Traditional methods comprise using a dictionary containing signatures of malicious entities which can be used to determine if an entity in a processing system is malicious.
However, due to malware changing rapidly as new versions or modifications of malware infect processing systems, dictionaries need to be continually updated in order to determine which entities are malicious. When modified or new versions of malware infect a processing system which the dictionary is not configured to identify, it is difficult identify a malicious entity in the processing system.
Therefore, there exists a need for a method, system and/or computer readable medium of instructions to identify a malicious entity in a processing system which addresses or at least ameliorates one or more problems inherent in the prior art.
The reference in this specification to any prior publication (or information derived from it), or to any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that that prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.