Network requests from machines at endpoints in a network can fall prey to malware of various types. Producers of malware are continually striving to outwit producers of malware detection systems and methods, and vice versa. In various malware detection systems and methods, there is an intrinsic trade-off between accuracy and efficiency. Typically a malware detection method or system consumes system resources such as memory, communication bandwidth, and/or processing bandwidth, in order to increase detection. An efficient method or system would consume less system resources, and have a low rate of false positives in identifying malware. Some malware detection systems check network requests against websites known to distribute malware. However, producers of malware can generate new websites quickly, which may evade such detection.
It is within this context that the embodiments arise.