Existing techniques for identifying malicious processes are generally rule-based and rely on human-defined lists of malicious binaries and processes. These existing methods are inherently reactive and are often updated only after a significant delay following the spread of malicious processes.
In other words, these techniques rely on previous occurrences of malicious processes to detect subsequent malicious processes. Accordingly, these techniques may be useful only after malicious processes have already caused harm to existing systems or assets.
A need exists, therefore, for methods and systems that are more proactive in identifying malicious processes.