Malware is widely used in cybercrime and cyber attacks to compromise devices and critical assets on computer networks. This helps malicious actors achieve many goals, such as stealing critical or sensitive data (credit card numbers, personal data, patent information, etc.) and launching distributed denial of service (DDoS) attacks to slow other networks or make them unavailable.
The number of malicious binaries is increasing alarmingly. For instance, in 2013, 200,000 new suspicious malware binaries were identified each day, and in 2014 around 800,000 new suspicious malware binaries were identified each day.
The security community has noticed that most new malware samples are variants of existing ones. It also appears that most malware is ephemeral (between 70% and 90% of malware samples appear only once, and 82% of them remain active for only 1 hour). Because of this, antivirus software, which is most often based on signature detection, is losing efficiency: a new signature has to be created for each new variant of a malware family, even if that variant is ephemeral. This is time consuming and inefficient. Signature-based malware detection is showing its limits, and the security community has to find new approaches and methods to handle the large volume of malware with better detection rates.
In addition to the challenge of handling the large volume of new malicious binaries, the security community has to fight sophisticated or never-before-seen malware, also known as unknown or zero-day malware. Major security incidents that occurred in past years have clearly shown that zero-day malware has the most severe impact. Therefore, special attention should be paid to it. However, detecting it remains a big challenge for the security community.
The new system and method disclosed herein help fight malware, and particularly zero-day malware.