Consumers and businesses face a growing tide of malicious software that threatens the stability and performance of their computers and the security of their data. Computer programmers with malicious motivations have created and continue to create viruses, Trojan horses, worms and other programs to compromise computer systems. These malicious programs are often referred to as malware. In an attempt to evade detection, malicious programmers may inject malware into or among legitimate programs.
Security software companies are combating malware by creating and deploying malware signatures (e.g., hash functions that identify malware) to their customers on a regular basis. However, a significant amount of malware has not yet been identified and therefore cannot be detected using traditional signature-based malware detection.
In addition to or instead of signature-based detection, security software companies may attempt to detect malware through behavioral analysis. In behavioral-analysis technologies, security software may monitor a computer system for malicious behavior. For example, the security software may determine that a certain process (i.e., a running computer program) is responsible for a detected malicious behavior. However, a process may include executable code from more than one file. Accordingly, behavioral-analysis technologies alone may not sufficiently pinpoint a file infected with malware.