1. Field of the Invention
Embodiments of the present invention generally relate to a computer security system and, more particularly, to a method and apparatus for examining network traffic and automatically detecting anomalous activity to secure a computer.
2. Description of the Related Art
Widespread Internet usage by organizations of all sizes has resulted in an increase in computer-related attacks. Various malicious software programs (e.g., viruses, Trojan horses, worms and/or the like) cause many of these computer-related attacks. These malicious software programs may be transmitted (i.e., downloaded) to a vulnerable computer without user consent and/or knowledge as executable files, email attachments, multimedia files (e.g., video files, audio files and/or the like), malicious HTML code on web pages and/or the like. Furthermore, the malicious software programs surreptitiously infect vulnerable computers via files that employ obfuscation techniques.
The malicious software programs may exert control over an operating system and modify various files (e.g., system registry entries) and/or settings (e.g., background color, screen saver and/or the like) in order to disrupt normal operation. The malicious software programs may also exploit computers for illegitimate purposes. For example, a certain malicious software program may misappropriate sensitive data, such as intellectual property, customer data, medical histories, financial records, purchase orders, legal documents, privileged and/or confidential information, social security numbers, addresses, pictures, documents, contacts and/or the like.
Current detection technologies require a substantial amount of processing power to analyze network traffic for malicious software programs. Computer system specialists must devote a significant amount of time and resources to developing heuristics and software code for discerning the malicious software programs from clean network activity. Unfortunately, malware authors routinely modify the malicious software programs to avoid detection.
Therefore, there is a need in the art for a method and apparatus for examining network traffic and automatically detecting anomalous activity to secure a computer.