Increasingly, computer systems have needed to protect themselves against undesirable computer code. Such undesirable computer code has generally taken the form of viruses, worms, Trojan horses, spyware, adware, rootkits, and so forth. The damage and/or inconvenience capable of being incurred by these types of undesirable code has ranged from mild interference with a program, such as the display of an unwanted political message in a dialog box, to the complete destruction of contents on a hard drive, and even the theft of personal information.
Many mechanisms have been created in order to provide the much needed protection from such undesirable computer code and/or the affects thereof. Such mechanisms generally include detection applications, such as scanners, which scan for and clean undesirable computer code, and firewalls, which block undesirable computer code.
Current detection technology is predominantly based on finding patterns in computer code. However, such computer code is vulnerable to structural modifications. Thus, in order to circumvent the aforementioned detection technology, authors of undesirable computer code need only use techniques such as instruction reordering, junk data insertion, code obfuscation, etc. Such circumventing techniques change the computer code structurally while preserving any semantics, thus making the undesirable computer code difficult to detect.
There is thus a need for overcoming these and/or other problems associated with the prior art.