Viruses, Trojans, spyware, and other kinds of malware are a constant threat to any computing device which requires network connectivity. Many different types of security systems exist to combat these threats, ranging from browser plug-ins to virus scanners to firewalls and beyond. Countless new instances and permutations of malware are created every day, requiring security systems to be constantly updated. Despite this vigilance, computing devices continue to be infected by threats of all types. An attack may bypass several layers of security systems before being detected, and may do so on many computing devices simultaneously.
Traditional systems for securing computing devices against malware may need to be manually updated with signatures and/or heuristics in order to detect new attacks. Traditional security systems which fail to detect an instance of an attack may continue to fail to detect the same attack in the future. Some traditional security systems may also fail to identify that an attack which infected the computing device did so by bypassing the security system. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for reevaluating apparently benign behavior on computing devices.