Antivirus software uses a variety of virus detection techniques. Originally, antivirus software depended on signature-based detection to flag malicious software. Antivirus programs depend on stored virus signatures, unique strings of data that are characteristic of known malware. The antivirus software uses these signatures to recognise viruses that have already been identified and analysed by security experts.
Signature-based detection cannot detect new malware, including variants of existing malware. It can only detect a new virus once the definition file has been updated with information about that virus. With the number of new malware signatures increasing at around 10 million per year as long ago as 2011, modern signature databases may contain hundreds of millions, or even billions, of entries, making antivirus software based solely on signatures impractical. However, signature-based detection does not usually produce false positive matches.
Heuristic-based detection uses an algorithm to compare the signatures of known viruses against potential threats. With heuristic-based detection, antivirus software can detect viruses that haven't been discovered yet, as well as existing viruses that have been disguised or modified and released as new viruses. However, this method can also generate false positive matches when the antivirus software detects a program behaving similarly to a malicious program and incorrectly identifies it as a virus.
Antivirus software may also use behaviour-based detection, which analyses an object's behaviour, or potential behaviour, for suspicious activities and infers malicious intent from those observations. For example, code that attempts to perform unauthorized or abnormal actions would indicate that the object is malicious, or at least suspicious. Some examples of behaviours that potentially signal danger include modifying or deleting large numbers of files, monitoring keystrokes, changing the settings of other programs, and remotely connecting to computers.
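A toy scanner contrasting the three approaches described above, added here as an illustration and not taken from any antivirus product. Every signature, wildcard pattern, behaviour weight and threshold is constructed for the demo; the sample inputs are likewise constructed and contain no real malware.

```python
import re
from collections import Counter

# Constructed demo patterns, not real malware signatures.
SIGNATURES = {
    "Demo.Worm.A": b"DEMO-WORM-A:payload=v1",
    "Demo.Trojan.B": b"DEMO-TROJAN-B",
}
# Heuristic "family" patterns: wildcards tolerate the small edits that defeat
# an exact signature, at the cost of possible false positives.
HEURISTICS = {
    "Demo.Worm.gen": re.compile(rb"DEMO-WORM-[A-Z]:payload=v\d+"),
}
# Behaviour indicators taken from the text, with constructed weights.
BEHAVIOUR_WEIGHTS = {"keystroke_hook": 5, "settings_change": 3, "remote_connect": 3}
MASS_FILE_THRESHOLD = 100  # constructed cut-off for "large numbers of files"

def scan_signatures(data: bytes) -> list[str]:
    """Exact substring match against known samples: precise, but blind to variants."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def scan_heuristics(data: bytes) -> list[str]:
    """Wildcard match: catches disguised or modified variants of a known family."""
    return [name for name, pat in HEURISTICS.items() if pat.search(data)]

def behaviour_verdict(events: list[str]) -> tuple[str, int]:
    """Score a sequence of observed actions; each indicator counts once,
    mass file modification adds a bonus. Returns (verdict, score)."""
    counts = Counter(events)
    score = sum(w * min(counts[e], 1) for e, w in BEHAVIOUR_WEIGHTS.items())
    if counts["file_modify"] >= MASS_FILE_THRESHOLD:
        score += 5
    verdict = "malicious" if score >= 8 else "suspicious" if score >= 3 else "benign"
    return verdict, score

if __name__ == "__main__":
    known = b"MZ...DEMO-WORM-A:payload=v1..."
    variant = b"MZ...DEMO-WORM-A:payload=v2..."  # one byte changed: evades the signature
    print(scan_signatures(known), scan_heuristics(known))
    print(scan_signatures(variant), scan_heuristics(variant))
    # Constructed event streams: mass file rewriting plus a remote connection,
    # versus an ordinary editor that touches three files and one setting.
    print(behaviour_verdict(["file_modify"] * 150 + ["remote_connect"]))
    print(behaviour_verdict(["file_modify"] * 3 + ["settings_change"]))
```

The editor stream scores "suspicious" on the settings change alone, which is the false positive the text warns about; the verdict thresholds are where a real product would tune that trade-off.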