The invention relates to systems and methods for protecting computer systems from malicious software.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, worms, rootkits, unsolicited adware, ransomware, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others. Malware may further display material that is considered by some users to be obscene, excessively violent, harassing, or otherwise objectionable.
Security software may be used to detect malware infecting a user's computer system, and additionally to remove or prevent the execution of such malware. Several malware-detection techniques are known in the art. Some rely on matching a fragment of code of the malware agent to a library of malware-indicative signatures. Other conventional methods detect a malware-indicative behavior, such as a set of actions performed by the malware agent.
Malicious software relies on various strategies to evade detection. One such strategy involves obfuscation techniques, for instance encrypting malicious code, or using slightly different code versions on each infected computer (a feature commonly known as polymorphism). Another exemplary detection avoidance method divides malicious activities among a plurality of agents, wherein each agent performs a separate set of actions, which cannot be considered malware-indicative when taken in isolation from the actions performed by other agents.
There is a strong interest in developing systems and methods of detecting such advanced malware.
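The blind spot described above, shown as an added example that is not part of the original text: a behavior scorer that judges each process in isolation misses actions divided among several agents, while summing the same scores over a group of related processes crosses the alert threshold. The weights, threshold, event list, and the choice to group by parent/child lineage are constructed assumptions for illustration, not the method of the invention.

```python
from collections import defaultdict

# Hypothetical weights a behavioral heuristic might assign (assumption).
WEIGHTS = {"open_document": 1, "enumerate_documents": 2, "read_many_files": 2,
           "write_encrypted_copy": 3, "delete_originals": 3,
           "delete_shadow_copies": 4}
THRESHOLD = 8  # hypothetical alert threshold (assumption)

# Constructed sample events: (pid, parent pid, observed action).
EVENTS = [
    (100, 1, "open_document"),        # unrelated benign process
    (200, 1, "enumerate_documents"),  # first agent
    (201, 200, "read_many_files"),    # child agent
    (202, 200, "write_encrypted_copy"),
    (203, 202, "delete_originals"),   # grandchild agent
    (203, 202, "delete_shadow_copies"),
]

def score_per_process(events):
    """Score each process only on its own actions."""
    scores = defaultdict(int)
    for pid, _ppid, action in events:
        scores[pid] += WEIGHTS.get(action, 0)
    return dict(scores)

def group_root(pid, parents):
    """Walk up the lineage to the oldest observed ancestor (cycle-safe)."""
    seen = set()
    while parents.get(pid) in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid

def score_per_group(events):
    """Score actions cumulatively over each group of related processes."""
    parents = {pid: ppid for pid, ppid, _ in events}
    scores = defaultdict(int)
    for pid, _ppid, action in events:
        scores[group_root(pid, parents)] += WEIGHTS.get(action, 0)
    return dict(scores)

def alerts(scores):
    """Return the ids whose score reaches the threshold."""
    return sorted(k for k, v in scores.items() if v >= THRESHOLD)

if __name__ == "__main__":
    print("per-process alerts:", alerts(score_per_process(EVENTS)))
    print("per-group alerts:  ", alerts(score_per_group(EVENTS)))
```

Lineage grouping here only links processes that themselves produced an event; an ancestor that was never observed splits the group.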