The researchers argue that a new classification technique is required that "describes malware behavior in terms of system state changes (such as files written, processes created) rather than in sequences or patterns of system calls. To address the sheer volume of malware and diversity of its behaviour, we provide a method for automatically categorising these profiles of malware into groups that reflect similar classes of behaviours and demonstrate how behaviour-based clustering provides a more direct and effective way of classifying and analysing internet malware."
The researchers demonstrated the usefulness of this approach during a six-month period on 3,700 malware samples.
Traditional, signature-based antivirus methods for detecting and squelching the growing volumes and variety of viruses and other malware have been termed dead by some industry watchers.
Companies such as McAfee, Symantec and Trend Micro have in fact started to reveal plans to move their security products to the next level through whitelisting and other approaches.