As computer systems become more and more interconnected with the expansive use of computer networks, the threat of infection by hostile software transported over such computer networks has steadily increased. Here, hostile software may include any software that could affect a computer system in an undesirable or otherwise unwanted manner. Traditional anti-virus techniques have curtailed the spread of hostile software to a certain extent. However, such techniques typically rely on some type of inspection of a computer system for known hostile software signatures. Thus, such an approach is often incapable of handling hostile software for which a signature has not been positively identified, such as in the case of hostile software that has not yet been created. Even for existing hostile software, delays associated with identification of the hostile software's signature may lead to additional damage and further opportunity for the hostile software to re-spawn.
Furthermore, as hostile software becomes increasingly sophisticated, the task of identifying such signatures may become significantly more difficult and time-consuming, or worse, may become impossible in some instances. For example, hostile software may mutate such that a previously identified signature for the original hostile software may no longer be useful in identifying the mutated version of the hostile software. Thus, there exists an urgent need for improved techniques to detect and respond to new and more sophisticated hostile software in the face of the ever higher usage of network-enabled computer systems.