With Internet use forming an ever greater part of day-to-day life, malicious software—often called “malware”—that steals or destroys system resources, data, and private information is an increasing problem. Governments and businesses devote significant resources to preventing intrusions by malware. Malware comes in many forms, such as computer viruses, worms, trojan horses, spyware, keystroke loggers, adware, and rootkits. Some of the threats posed by malware are of such significance that they are described as cyber terrorism or industrial espionage.
To counter these threats, governments, enterprises, and individuals use a range of security applications and services. Typically, these applications and services scan a device for a signature of a security exploit. Responsive to finding the signature, the applications and services quarantine or delete the exploit. The applications and services often miss more sophisticated security exploits, however, and often the applications and services are not configured to detect exploits or take any actions until an exploit has gained a substantial foothold on a device.
For example, actions taken by malicious code to gain a foothold on a device (e.g., through exploiting a vulnerability in the device) are often also actions commonly taken by benign code. Because of the high likelihood of confusing a benign action with a malicious one, current measures either do not attempt to take preventative measures at this initial stage of an exploit or are limited to alerting a user. This failure to take action can result in further damage, loss, or difficulty in removing the exploit.