Currently, a massive number of unknown executable software and machine code files are created and released around the world every day. Each individual executable file, application, program, piece or package of software, or the like, whether malicious or non-malicious, may be recognized by behavioral based security software if that security software is to be efficient and effective.
Each minor change in compiled software may modify the software's static fingerprint, whether the software is malicious or non-malicious. As the general use of computer systems increases exponentially, new and modified software is being released and installed on computer systems around the world at an accelerating rate.
Methods of obfuscating the static and dynamic makeup of software are continually being created and implemented for various reasons. Methods to evade security solutions based on scanners and emulators are also being implemented. These changes, as well as the accelerating rate of software installation, impose additional burdens on security software solutions that must recognize unknown software.
These burdens are causing unacceptable delays in accurate identification of unknown software by security software. This status quo can also cause inaccurate identification of software, resulting in both false positives and false negatives by current security software, such as, for example, scanners, anomaly detection, and behavioral based security software. As a result, there is a need for a method, system, computer program product, software application, article and/or computer readable medium of instructions for recognizing behavioral attributes of software in real-time.