The increasing prevalence and sophistication of malicious software, also referred to as malware, such as rootkits and spyware, have become first-order threats to computer system and network security. For example, spyware that has a rootkit's ability to conceal its presence can wreak havoc on the security of a computer system or network.
A rootkit refers to a set of software tools that are used to conceal the presence of running processes, files, and/or system data, such as network connections, memory addresses, and registry entries, from programs used by system administrators. Spyware refers to a large class of software capable of covertly monitoring a system or a network, and transmitting data collected therefrom to third parties. Spyware encompasses network sniffers and keystroke and password loggers.
The ease with which malware can be inserted into a system or a network through a variety of delivery methods and apparatus, such as a universal serial bus (USB) flash drive, a compact disk (CD), an email attachment, or files downloaded from unclassified networks, has made filtering-based prevention mechanisms an insufficient defense. Furthermore, malware's ability to evade detection has also raised concerns about the ability to detect malware based on its signature or intrinsic behavior, such as system call sequences or memory region accesses.
The industry spends billions of dollars on purely preventive defense mechanisms, such as firewalls, packet filters, and signature- or behavior-based detection. If, however, a preventive defense mechanism fails to stop the malware, the malware can reach systems in a network and cause serious damage to those systems. The damage can be particularly harmful if the malware is left undetected for long periods of time. For example, exploitation of spyware-gleaned information pertinent to a network, such as authentication credentials or server names and IP addresses, can lead to further compromise of other devices and services, resulting in an avalanche compromise of the network's information technology (IT) infrastructure.