Interconnected systems, such as, for example, the global Internet, can deliver information to more people at a faster speed and are important in the current global economy. However, as recent history has shown, these interconnected systems often face security risks. Security risks include, but are not limited to, for example, identity theft and theft of proprietary information. In many cases, information theft is facilitated by malicious software (malware) that has exploited a computer system. Malware is typically software designed to infiltrate or damage a computer system without the owner's informed consent or knowledge.
Because malware exists, there is a need to detect malware as a method of defense against information theft. However, previous approaches are unable to detect variations of an original file in memory (RAM). This includes, but is not limited to, files that represent an executable in memory. By extension, previous approaches are not efficient in detecting executables in RAM, particularly if some parts of the executable portions are altered at runtime. Additionally, previous approaches are not efficient in detecting variants of the same malware or malware protected by a packer or encryptor. Therefore, the current technology is limited in its capabilities and suffers from at least the above constraints and deficiencies.