The amount of malicious software, also known as malware, is steadily growing. The number of computing platforms for which malware is created is also increasing, and malicious applications for Android OS and Apple iOS are no longer a rarity. Antivirus companies therefore face the challenge of creating new methods of detecting malware.
Known methods for detecting malicious software, which were successful in the past, often fail to detect new types of malware. Currently, the most popular malware detection methods include heuristic analysis, signature analysis, behavioural analysis, and hash sum analysis. The signature and hash sum techniques are well suited for detecting known malware (i.e., software that has already been investigated and a specimen of which has been entered in a database of malicious software). However, these techniques may fail to detect modified malware code. Heuristic analysis overcomes this shortcoming, but may be ineffective in detecting obfuscated malware. Behavioural analysis often proves most effective in detecting modified malware, but even this method has a number of shortcomings. For example, in order to analyze the behaviour of a program using this method, the program needs to be triggered first. This is also the major shortcoming of behavioural analysis, since malicious software can already inflict harm on the system on which it has been triggered before it is detected. Moreover, behavioural analysis adversely affects the productivity of the system as a whole, and of the tested program in particular.
Therefore, there is a need to improve the behavioural malware detection technique.