Consumers and businesses face a growing tide of malicious software that threatens the stability and performance of their computers and the security of their data. Computer programmers with malicious motivations have created and continue to create viruses, Trojan horses, worms, and other programs (collectively known as “malware”) in an attempt to compromise computer systems. To evade detection, malicious programmers may inject malware into or among legitimate programs.
Many security software companies attempt to combat malware by creating and deploying malware signatures (e.g., hashes that uniquely identify malware) to their customers on a regular basis. However, a significant amount of malware has not yet been identified and therefore cannot be detected using traditional signature-based malware-detection mechanisms. This is particularly true because malware authors may regularly modify their malware in an attempt to circumvent commonly employed signature-based malware-detection mechanisms.
In addition to or as an alternative to signature-based approaches, security software companies may utilize a variety of heuristics to classify files or programs (e.g., as malware or as safe) based on various characteristics and/or behaviors. Unfortunately, heuristic-based classification methods may result in an unacceptable number of false positives and/or false negatives. As such, the instant disclosure identifies a need for improved malware-detection mechanisms and techniques.