Behavioral analysis generally involves observing the behaviors exhibited by files over a predetermined period of time. For example, a behavioral analysis system may load, execute, and/or interact with a file to observe whether the file exhibits any potentially malicious behaviors. In some cases, a behavioral analysis system may be responsible for analyzing a large number of files. However, the behavioral analysis system inevitably works with a limited amount of resources. Accordingly, the behavioral analysis system ordinarily eventually terminates the analysis of a given file (e.g., freeing resources to analyze a new file). By loading, executing, and/or interacting with files over a sufficient period of time, behavioral analysis systems may be generate information regarding the safety, nature, health, and/or stability of the files.
Unfortunately, conventional behavioral analysis systems may suffer from various shortcomings and inefficiencies. For example, a conventional behavioral analysis system may be unable to accurately predict how much time is needed to observe all of the interesting behaviors exhibited by a particular file. On the one hand, in the event that too much time is dedicated to analyzing the file, the behavioral analysis system may be dedicating time and resources to the file without gaining new relevant information. On the other hand, in the event that too little time is dedicated to analyzing the file, the behavioral analysis system may run the risk of not observing relevant behaviors exhibited by the file (e.g., behaviors indicating that the file is unsafe and/or malicious).
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for efficiently allocating resources for behavioral analysis.