An efficient, robust and scalable malware recognition module is the key component of every cybersecurity product. Malware recognition modules decide if an object is a threat, based on the data they have collected on it.
This data may be collected at different phases:
• Pre-execution phase data is anything you can tell about a file without executing it. This may include executable file format descriptions, code descriptions, binary data statistics, text strings, information extracted via code emulation, and other similar data.
• Post-execution phase data conveys information about behavior or events caused by process activity in a system.
In the early part of the cyber era, the number of malware threats was relatively low, and simple manually created pre-execution rules were often enough to detect threats.
The rapid rise of the Internet and the ensuing growth in malware meant that manually created detection rules were no longer practical – and new, advanced protection technologies were needed. Anti-malware companies turned to machine learning, an area of computer science that had been used successfully in image recognition, searching and decision making, to augment their malware detection and classification. Today, machine learning boosts malware detection using various kinds of data on host, network and cloud-based anti-malware components.
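To make the pre-execution phase data listed above concrete, the following added example (not part of the original text) computes binary data statistics and text strings from raw bytes without executing anything. The function names, the 256-byte window and the sample bytes are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def printable_strings(data: bytes, min_len: int = 5) -> list:
    """ASCII runs of at least min_len characters, like the `strings` utility."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode("ascii") for m in pattern.findall(data)]

def static_features(data: bytes, window: int = 256) -> dict:
    """Pre-execution features computed from raw bytes only; nothing is run."""
    strings = printable_strings(data)
    windows = [data[i:i + window] for i in range(0, len(data), window)]
    counts = Counter(data)
    total = len(data) or 1  # avoid division by zero on empty input
    return {
        "size": len(data),
        "has_mz_magic": data[:2] == b"MZ",  # DOS/PE executable signature
        "entropy": shannon_entropy(data),
        # A high-entropy window often indicates packed or encrypted content.
        "max_window_entropy": max((shannon_entropy(w) for w in windows), default=0.0),
        "string_count": len(strings),
        "strings": strings,
        # Normalized byte histogram: a fixed-length vector usable as model input.
        "byte_histogram": [counts.get(b, 0) / total for b in range(256)],
    }

# Constructed sample: a fake header, one readable string, and a uniform byte run.
SAMPLE = (b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode"
          + b"\x00" + bytes(range(256)))

if __name__ == "__main__":
    features = static_features(SAMPLE)
    print({k: v for k, v in features.items() if k != "byte_histogram"})
```

The scalar values and the 256-entry histogram can be concatenated into a fixed-length vector, which is the form a machine learning classifier takes as input.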