An increasing number of computers are connected to computer networks (e.g., the Internet). Networked computers provide the significant benefit of accessing and sharing data over those networks. However, networked computers are also exposed to attacks, unwanted intrusions, and unauthorized access.
Certain existing network security systems have been developed to protect computers from attacks, unwanted intrusions, unauthorized access, and other malicious activities. Such network security systems typically include a firewall to prevent unauthorized access to the network or its computers. Exemplary network security systems also include intrusion detection systems (IDS) and intrusion prevention systems (IPS) that typically contain a library of malware fingerprints (e.g., fingerprints, or signatures, of malware payloads and of other unauthorized activities). By comparing observed traffic against the malware fingerprints, the IDS or IPS can detect attempts to access computer systems without authorization. When a connection is attempted to a network port, the IDS or IPS examines the low-level IP data packets (headers and payload) and compares them to its library of fingerprints for a match. When a match is identified, an IDS provides notification of the match, and an IPS additionally blocks the matching traffic to prevent further access. Therefore, the malware fingerprints play a critical role in network security.
A critical threat to computer networks is the so-called zero-day attack, which exploits a security vulnerability previously unknown to the software developers or system operators. Because the vulnerability is unknown, no fingerprint of the attack exploiting it is typically available for comparison. Until such a fingerprint is identified and added to the library, attacks exploiting the same vulnerability continue without detection by the network security systems. However, isolating the fingerprint of a malicious activity from the numerous non-malicious processes and connections running alongside it is not a trivial task.
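The signature-matching loop described above, and the gap it leaves for a zero-day payload, as an added example in Python that is not part of this document: a toy fingerprint library (literal byte strings or compiled regular expressions, each optionally restricted to a destination port, each marked as an IDS "alert" rule or an IPS "drop" rule) is applied to a constructed stream of three HTTP requests. The `Fingerprint`, `Packet` and `inspect` helpers, the fingerprint names and patterns, and the packet contents are all assumptions made for this illustration, not the format or rules of any real IDS product.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Fingerprint:
    """One entry of a hypothetical IDS/IPS signature library."""
    name: str
    pattern: bytes | re.Pattern        # literal byte string or compiled bytes regex
    dst_port: int | None = None        # inspect only packets to this port; None = any port
    action: str = "alert"              # "alert": IDS notifies; "drop": IPS also blocks


@dataclass(frozen=True)
class Packet:
    """Decoded IP/TCP packet reduced to the fields the matcher needs."""
    src: str
    dst_port: int
    payload: bytes


def fingerprint_matches(fp: Fingerprint, pkt: Packet) -> bool:
    """True if the packet is on the fingerprint's port and carries its pattern."""
    if fp.dst_port is not None and fp.dst_port != pkt.dst_port:
        return False
    if isinstance(fp.pattern, bytes):
        return fp.pattern in pkt.payload
    return fp.pattern.search(pkt.payload) is not None


def inspect(packets: list[Packet], library: list[Fingerprint]) -> list[tuple[str, list[str]]]:
    """Compare every packet against the library.

    Returns one (verdict, matched fingerprint names) pair per packet: "drop" if any
    matching fingerprint is an IPS rule, "alert" if only IDS rules matched, and
    "pass" if nothing in the library matched. "pass" is exactly what a zero-day
    payload receives: it means "unknown to the library", not "benign".
    """
    results = []
    for pkt in packets:
        hits = [fp for fp in library if fingerprint_matches(fp, pkt)]
        if not hits:
            verdict = "pass"
        elif any(fp.action == "drop" for fp in hits):
            verdict = "drop"
        else:
            verdict = "alert"
        results.append((verdict, [fp.name for fp in hits]))
    return results


# --- constructed sample data (not captured traffic) -------------------------
LIBRARY = [
    # a long-known attack whose fingerprint is already in the library
    Fingerprint("http-dir-traversal", b"../../../etc/passwd", dst_port=80, action="drop"),
]

TRAFFIC = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Packet("10.0.0.9", 80, b"GET /../../../etc/passwd HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    # stand-in for a zero-day: an over-long query argument aimed at a hypothetical,
    # still unknown bug in the search handler; nothing in LIBRARY describes it yet
    Packet("10.0.0.7", 80, b"GET /search?q=" + b"A" * 300 + b" HTTP/1.1\r\nHost: www.example\r\n\r\n"),
]

# the fingerprint an analyst would add once the new attack has been characterised
ZERO_DAY_FP = Fingerprint("search-arg-overflow", re.compile(rb"/search\?q=A{64,}"), dst_port=80)


def demo() -> tuple[list[str], list[str]]:
    """Verdicts before and after the zero-day fingerprint is added to the library."""
    before = [verdict for verdict, _ in inspect(TRAFFIC, LIBRARY)]
    after = [verdict for verdict, _ in inspect(TRAFFIC, LIBRARY + [ZERO_DAY_FP])]
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)   # the zero-day request passes undetected
    print("after: ", after)    # the same request now raises an alert
```

Running the block shows the second request dropped by the existing IPS rule in both runs, while the third request is passed in the first run and only alerted on in the second; the matcher itself never changes, only the library does, which is the dependency the paragraph above describes.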
Because network security systems depend on the malware fingerprints, there is a great need for efficient methods of identifying fingerprint data for previously unknown types of malicious and/or unauthorized activities.