The history of computer security may be viewed as a series of offensive maneuvers and defensive responses. As malware creators have devised new attacks, anti-malware system designers have responded with methods for detecting the attacks and protecting computing systems against them. The use of stealth strategies has made some forms of malware particularly difficult to defend against. Polymorphic malware, for example, does not have a fixed signature that can be detected using typical scanning methods.
Once malware gains a foothold in an organization by successfully infecting a computing system, other systems within the organization may be subject to repeated attacks until the defenses on those systems are breached. Widespread infections of this type are typical of botnets, where covert software running on many computing systems carries out such malicious tasks as sending large quantities of spam email or conducting denial-of-service attacks.
Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for detecting system attacks originating from compromised computing systems.