With the advent of general-access computer networks, such as the Internet, people may now easily exchange application data between computer systems. Unfortunately, some people have taken advantage of such easy data exchange by developing various threats, such as malware.
To date, numerous types of systems and techniques have been developed for combating such threats. For example, intrusion detection systems (IDSs) have been introduced for comparing network traffic against numerous patterns (e.g. signatures) that are indicative of an attack. Upon the detection of such a pattern in network traffic, an appropriate response may be initiated.
Unfortunately, IDSs mainly rely on attack patterns that an IDS vendor must create, test, and deploy to end users on a regular basis. Two problems arise from this strategy. First, novel attacks are not necessarily detected until appropriate patterns have been released. Second, due to the multitude of attack variations, the use of predefined patterns becomes more and more difficult. For example, IDS vendors are required to release signatures with increased frequency, but still struggle to catch up with the latest threats.
There is thus a need for overcoming these and/or other problems associated with the prior art.