The vigorous development of computer and information technologies has led to extensive use of e-commerce, electronic document transfer, cloud storage and other computer technologies by users in their daily lives. For example, a substantial number of users are storing their personal and confidential information on computers, and the overwhelming majority of businesses are conducting their financial and commercial activity via electronic devices and services.
The widespread use of the described computer technologies has in turn given rise to an increased number of instances of their use for hacking. A large number of different malicious programs (also known as malware) have appeared, and the number of computer systems affected by them has grown significantly. Some malicious programs steal the personal and confidential data of users from computer systems (such as logins and passwords, banking information, electronic documents), others form so-called botnets from the infected computer systems, and still others impose paid services on users.
Many different security technologies are used to protect computers against malicious programs, including antivirus programs, firewalls, intrusion detection systems (IDS) and so on, which are able both to detect malicious programs effectively and to remove them. While effective repair of a computer infected by a malicious program matters more to individual users, companies place more importance on high operating efficiency and effectiveness in detecting attempts to infect computer systems.
The majority of existing security solutions are aimed primarily at detecting and removing malware whose behavior or structure is already known. Therefore, when a computer system is attacked by new, unknown or obfuscated malware (specifically, malicious scripts), the existing security solutions become ineffective. Furthermore, detecting computer systems infected with compound malicious programs (specifically, malicious scripts), which are made up of several files, not every one of which carries the malicious functionality, also presents great difficulty for the known security solutions.