Malicious software, also known as malware, affects a great number of computer systems worldwide. In its many forms, such as computer viruses, worms, and rootkits, malware presents a serious risk to millions of computer users, exposing them to loss of data and sensitive information, identity theft, and loss of productivity, among other harms.
For example, while browsing the Internet a user may click on an advertisement that opens a web page which, in the background, downloads controls and arbitrary code that executes to exploit a vulnerability in the browser. This can happen in part because the downloaded arbitrary code runs in the same context as the browser and with the same privileges. The executed arbitrary code is then capable of downloading further payloads and infecting the system more deeply, thereby propagating itself laterally across the system.
Existing anti-malware software provides malware detection and removal. The anti-malware software generally executes with the same privilege as the malware itself. Hence, if new malware is able to exploit a vulnerability in a software system, compromising the system without being detected, then the malware may also disable or modify the anti-malware software so that it continues to avoid detection.
Some anti-malware software includes signature-based anti-virus (AV) programs. These are generally effective against known viruses, but are of little use against zero-day exploits. Zero-day exploits represent the first infection by a previously unknown virus. Signature-based AV programs rely on prior knowledge of the virus's signature to detect an attack by that virus. As such, signature-based AV programs cannot protect against zero-day exploits.
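As an added illustration that is not part of the original text, the following Python compares two kinds of signature a signature-based AV program might keep (a whole-file hash and a short byte pattern) over three constructed samples; the sample bytes, signature names and marker strings are all made up for this example and correspond to no real malware or AV database.

```python
import hashlib
from typing import Optional

# All samples and signatures below are constructed for this example; they are
# not real malware and do not correspond to any real AV signature database.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 12 + b"CONSTRUCTED_PAYLOAD_MARKER build=0001"

# A signature database as a signature-based AV program would keep it: a
# whole-file hash for the exact known sample, plus a shorter byte pattern
# extracted from it so that small rebuilds of the same family still match.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Family.A"}
PATTERN_SIGNATURES = {b"CONSTRUCTED_PAYLOAD_MARKER": "Constructed.Family.A"}


def scan(data: bytes) -> Optional[str]:
    """Return the matching signature name, or None when nothing matches.

    Both checks need prior knowledge of the sample (or of its family); data
    that shares neither the hash nor the byte pattern is invisible to them.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return HASH_SIGNATURES[digest]
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def demo() -> dict:
    """Scan three constructed files and report which ones the signatures catch."""
    exact_copy = KNOWN_SAMPLE
    # Same family, rebuilt with a different build number: the whole-file hash
    # no longer matches, but the byte pattern survives the change.
    rebuilt = KNOWN_SAMPLE.replace(b"build=0001", b"build=0002")
    # A never-before-seen sample (the zero-day case): no known hash, no known
    # pattern, so neither signature type can flag it.
    unseen = b"MZ\x90\x00" + b"\x00" * 12 + b"NEW_CONSTRUCTED_MARKER build=0001"
    return {
        "exact_copy": scan(exact_copy),
        "rebuilt": scan(rebuilt),
        "unseen": scan(unseen),
    }


if __name__ == "__main__":
    for sample_name, verdict in demo().items():
        print(f"{sample_name:10s} -> {verdict or 'no signature match'}")
```

The exact copy is caught by the hash, the rebuilt variant only by the broader byte pattern, and the unseen sample by neither, which is the gap the text describes.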