The amount of data available to information seekers has grown astronomically, whether as the result of the proliferation of information sources on the Internet, or as a result of private efforts to organize business information within a company, or any of a variety of other causes. The need to be able to securely access information and/or data has increased as well. The proliferation of data and expanding number of users has created more avenues for computer-related attacks (e.g., viruses, worms, Trojan horses . . . ).
Network viruses and worms are an ever growing threat to security of today's Internet-connected hosts and networks. A worm can be described as a destructive program that automatically replicates itself throughout disk and memory using up the computer's resources and possibly shutting down the system. Generally, a virus refers to malicious software that can infect a computer. After virus code is written, it is often buried within or otherwise attached to an existing program. Once a host program is executed, the virus is activated and attaches copies of itself to other programs in the system. Infected programs automatically copy the virus to other programs.
Because one characteristic of the Internet is unrestricted access, it is relatively easy for worms to propagate across networks thereby causing mass destruction. Most often, by the time a worm is detected, damage has already occurred. Similarly, today's efforts to mitigate damage from and detection of worms have been most often directed to known worms and viruses. A need exists to effectively and accurately detect unknown viruses and worms that plague today's computer networks and systems.