As the use of internet-enabled devices grows, attackers may increasingly attempt to distribute and/or trick users into downloading illegitimate or malicious files. For example, attackers may distribute emails or post links on websites that contain malware (e.g., viruses, worms, Trojan horses, spyware, adware). Once executed by or downloaded to a computing device, a malicious file may perform one or more harmful behaviors, such as tracking a user's computing activity, gaining access to sensitive information stored within a computing device, and/or hindering the performance of a computing device.
Conventional methods for detecting and/or preventing malware attacks may involve creating signatures that identify or summarize various characteristics of malicious files. For example, an anti-malware technology may compare an incoming file with one or more malware signatures to determine whether the file is potentially malicious. Unfortunately, this conventional anti-malware technology may be unable to efficiently and/or effectively identify some malicious files using such malware signatures.
In one example, an anti-malware technology may generate malware signatures based on static characteristics (e.g., portions of code) of malicious files. Such malware signatures, however, may be unable to accurately determine the consequences of executing a malicious file. In addition, this conventional anti-malware technology may need to compare incoming files to a vast number (e.g., hundreds of thousands) of malware signatures, potentially requiring excessive time and/or resource consumption.
The instant disclosure, therefore, identifies and addresses a need for improved systems and methods for creating behavioral signatures used to detect malware.