
Showing posts from August, 2017

Week 9. Improving Threat Detection

Antivirus companies have tried different methods to detect and stop threats. Unfortunately, they tend to be one step behind the malware authors. There are many types of malware detection, but all of them can be summarized into three groups: pattern matching, instruction matching, and behavioral detection.

Pattern matching is usually referred to as signature or fingerprint matching. It searches files for known byte patterns. Once a match (or a close match, such as a pattern with wildcard bytes) is found, the file is flagged as a threat and classified according to the threat class assigned to that pattern. The catch is that the pattern was extracted from a sample that had already been collected from an infected machine. By the time the signature is extracted from the malware and pushed out to the installed detection software, the malware has already infected many more machines.

Instruction matching is similar to the pattern matching technique. However, instead of looking for known fingerprints, it looks for ...
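To make the pattern matching paragraph concrete, here is a small signature scanner added as an example (it is not the author's code or any vendor's engine). Signatures are hex byte tokens, with "??" as a one-byte wildcard to allow the "close match" the post mentions; each hit is classified by the threat class attached to the signature. The EICAR string is the real industry test string; the "Demo.Downloader" signature and every sample file are constructed for this example. The evasive sample shows the weakness the post describes: a one-byte change outside the wildcarded region is enough to slip past until a new signature is written and shipped.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    """A named byte pattern and the threat class a hit is classified as."""
    name: str
    threat_class: str
    pattern: str  # whitespace-separated hex tokens; "??" matches any one byte


def compile_signature(sig):
    """Turn the hex/wildcard pattern into a compiled bytes regex."""
    parts = []
    for tok in sig.pattern.split():
        if tok == "??":
            parts.append(b".")  # wildcard: any single byte (DOTALL below)
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, signatures):
    """Return (name, threat_class, offset) for every signature found in data."""
    hits = []
    for sig in signatures:
        m = compile_signature(sig).search(data)
        if m:
            hits.append((sig.name, sig.threat_class, m.start()))
    return hits


# The EICAR string is the industry-standard harmless test file; it is the one
# real signature in this example.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

SIGNATURES = [
    Signature("EICAR-Test-File", "Test", EICAR.hex()),
    # Constructed (hypothetical) signature: an x86 function prologue followed
    # by a push of a 32-bit immediate and a call. The immediate and the call
    # target differ between builds, so they are wildcarded ("close match").
    Signature("Demo.Downloader", "Trojan-Downloader",
              "55 8b ec 68 ?? ?? ?? ?? e8 ?? ?? ?? ?? 83 c4 04"),
]

# Constructed sample "files". The variant changes only wildcarded bytes and is
# still caught; the evasive build inserts a single NOP (0x90) into the prologue
# and is missed until a new signature is extracted and distributed.
CLEAN_SAMPLE = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode."
EICAR_SAMPLE = b"\x00" * 16 + EICAR + b"\n"
VARIANT_SAMPLE = (b"MZ" + b"\x00" * 30 +
                  bytes.fromhex("55 8b ec 68 00 10 40 00 e8 12 34 00 00 83 c4 04 c3"))
EVASIVE_SAMPLE = (b"MZ" + b"\x00" * 30 +
                  bytes.fromhex("55 8b ec 90 68 00 10 40 00 e8 12 34 00 00 83 c4 04 c3"))

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_SAMPLE), ("eicar", EICAR_SAMPLE),
                          ("variant", VARIANT_SAMPLE), ("evasive", EVASIVE_SAMPLE)]:
        print(label, scan(sample, SIGNATURES) or "no match")
```

Running it flags the EICAR sample and the wildcard-matched variant, and reports no match for the clean file and for the NOP-padded build, which is exactly why a signature set lags behind the malware it was extracted from.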