Malicious software, also referred to as “malware,” is any software used to, for example, disrupt computer operations, gather sensitive information, or gain access to private computer systems. Malware can appear as executable code, scripts, active content, etc.
Malware can be detected and classified using techniques that compare malware events (e.g., network traffic or other events caused by malware) with classification models. Classifying malware facilitates identifying an appropriate process for containing, removing, or otherwise neutralizing the effects of the malware.
However, malware events are often mixed with background events. Background events can include traffic or other events from other processes (both malware and legitimate), as well as intentional noise produced by the malware to disguise its own events.
Therefore, there is a need for systems and methods for separating malware and background events to facilitate malware classification.