Computer malware, such as viruses, worms and Trojan horses, presents significant security threats to computer systems and networks. To combat the ever-increasing spread of computer malware, a large number of antivirus detection techniques have been developed. However, not all malware detection methods are effective in protecting computers against malware, especially when the malware is specifically designed to bypass these detection methods.
In the simplest case, malware can be a single component or object, for example an executable file that, if launched, performs actions that can cause damage to the computer. Common malware detection techniques, such as signature or heuristic analysis, will typically detect single-component malware. However, more complex malware consists of multiple components, with each component performing certain actions; for example, one component may perform actions with files, the second component may modify the system registry, and the third component may perform networking functions. Furthermore, each component by itself may not perform malicious actions, but if their actions are combined, they can cause damage to the computer. The common malware detection methods may not be effective in detecting such multi-component malware with complex infection patterns.
Accordingly, there is a need for a new technique for detection of malware having complex infection patterns.