As the types of threats to the security of computing devices have changed and grown more sophisticated, techniques for detecting threats have likewise evolved. For example, the emergence of advanced persistent threats (APTs)—malware custom-designed for a specific target—may pose particular problems, since an APT may be unknown to malware detection tools. As another example, malware designed to conceal its presence on a computing device (e.g., a rootkit) may also evade detection by traditional scanning mechanisms.
Organizations increasingly turn to white lists, application inventories, and software analysis techniques to identify new malware threats and to limit execution of software to software programs known to be safe. Unfortunately, these approaches may yield frequent false positive results or may interrupt the normal use of legitimate software programs, particularly programs unique to an organization or small number of users.
In view of the above, the instant disclosure identifies a need for additional and improved systems and methods for determining the trustworthiness of software programs.