Existing systems may detect malware on a device, e.g., a computer, by scanning for a fingerprint or signature of the malware. For example, anti-virus software may be constantly updated with new signatures of known bad software, and it then scans and finds the signature of the malware on the device. This method may also be used for intrusion detection systems for network infrastructures or computer hosts. An alternate method is to compare software in the device with a known good baseline. This method is understood to be effective only when the software is static with few or no unknown changes. Many false positives would be generated if the files supporting the legitimate software are changed dynamically by the users.
Challenges that arise with respect to malware detection, particularly on small mobile devices, may include: (1) lack of computing power; (2) lack of battery power; (3) dynamicity of content on the device; (4) use of device dependent operating platforms; and (5) lack of security controls on the devices. Additional challenges are inevitable in enterprise models of mobile communication, e.g., corporate BLACKBERRY®. Enterprise solutions pose additional challenges due to the distributed nature of the infrastructure, sensitivity of data in an enterprise, and/or scalability of a security solution required to detect any unauthorized data access.