The invention relates to systems and methods for protecting computer systems from malware.
Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms such as computer viruses, worms, rootkits, and spyware, malware presents a serious risk to millions of computer users, making them vulnerable to loss of data and sensitive information, identity theft, and loss of productivity, among others.
Security software may be used to detect malware infecting a user's computer system, and additionally to remove or stop the execution of such malware. Several malware-detection techniques are known in the art. Some rely on matching a fragment of code of the malware agent to a library of malware-indicative signatures. Other conventional methods detect a set of malware-indicative behaviors of the malware agent.
Security software may place a significant computational burden on a user's computer system. The proliferation of malware agents leads to a steady increase in the complexity of malware detection routines, signature databases, and behavior heuristics, which may further slow down anti-malware operations. To lower computational costs, security software may incorporate various optimization procedures, but each such procedure typically addresses a particular case or category of malware, and may not translate well to newly discovered malware.
To keep up with a rapidly changing set of threats, there is a strong interest in developing fast, robust and scalable anti-malware solutions.