1. Field of the Invention
The present invention relates generally to computer security.
2. Description of the Background Art
Computer security threats include malicious codes and online threats. Examples of malicious codes include computer viruses, worms, Trojans, rootkits, and spyware. Online threats include various schemes of distributing malicious codes online, and other computer security threats that rely on the anonymity, freedom, and efficient communication provided by the Internet, such as denial of service (DoS) attacks, network intrusion, phishing, and spam.
Products for combating computer security threats are commercially available from various computer security vendors. These computer security vendors typically employ a team of antivirus researchers and data collection nodes (e.g., honey pots) to identify and provide solutions against discovered computer security threats. These solutions, which are also referred to as “antidotes,” are distributed by the vendors to their customers in the form of updates. The updates may include a new pattern file containing new signatures or updated signatures for detecting computer security threats by pattern matching. One problem with this approach is that computer security threats can mutate rapidly and periodically, making them difficult to identify by pattern matching. Another problem with this approach is that the size of pattern files continues to increase as more and more computer security threats are identified. Mutation of existing computer security threats contributes to this volume problem as it increases the number of patterns for a computer security threat. Yet another problem with this approach is that targeted threats, i.e., attacks on a particular organization rather than on the Internet as a whole, may remain undetected because of legal issues associated with receiving and analyzing data, such as emails containing confidential or personal information, from particular companies and their personnel.