The invention relates to systems and methods for protecting computer systems from malware.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, worms, rootkits, unsolicited adware, ransomware, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others. Malware may further display material that is considered by some users to be obscene, excessively violent, harassing, or otherwise objectionable.
Security software may be used to detect malware infecting a user's computer system, and additionally to remove or otherwise incapacitate such malware. Several malware-detection techniques are known in the art. Some rely on matching a fragment of code of the malware agent to a library of malware-indicative signatures. Other conventional methods detect a set of malware-indicative behaviors of the malware agent.
Malware evolves quickly, so as to stay ahead of detection algorithms. To address such rapidly changing threats, providers of security software typically adjust detection methods and/or parameters on the scale of minutes to hours, for instance by re-training classifiers to detect new malware versions. Typically, such re-training is computationally costly. Moreover, the introduction of a new behavioral detection algorithm, or even changing an existing one, typically requires extensive testing as well as a re-compilation of the source code of the respective security software. Only then can the new software version be delivered to clients, for instance as a software update. In contrast, in signature-based detection systems, a new malware signature can be easily added to an existing set of signatures.
Therefore, there is a strong interest in developing anti-malware solutions capable of swiftly updating algorithms and/or parameters, to keep pace with the ever-changing nature of malware.