Individuals and organizations often seek to protect themselves from attacks on networks and/or computing systems under their supervision. Attacks may take a variety of forms. For example, an attack may involve a file that executes malicious code. Other attacks may involve an executable attempting an unauthorized network connection, a buffer overflow in a trusted program, or any number of other suspicious and/or malicious activities. In some scenarios, an individual or organization may suffer an attack from an advanced persistent threat (i.e., a sustained attempt on the part of an attacker to gain unauthorized network access to a computing system for an extended period of time). Advanced persistent threats generally employ continuous evasion techniques to remain undetected by traditional intrusion prevention systems.
Traditional methods for detecting threats may include heuristic analysis to detect variants of known issues. However, such analysis techniques generally examine potential threats in isolation from one another, without considering the broader security context within which a threat may occur. Furthermore, traditional methods for detecting advanced persistent threats are generally resource-intensive yet may still fail to properly identify an attack. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems for implementing behavioral detection heuristics.