BEHAVIORAL MALWARE DETECTION USING AN INTERPRETER VIRTUAL MACHINE

Described systems and methods allow protecting a computer system from computer security threats such as malware and spyware. In some embodiments, a security application executes a set of detection routines to determine whether a set of monitored entities (processes, threads, etc.) executing on the computer system comprise malicious software. The detection routines are formulated in bytecode and executed within a bytecode translation virtual machine. Execution of a detection routine comprises translating bytecode instructions of the respective routine into native processor instructions, for instance via interpretation or just-in-time compilation. Execution of the respective routines is triggered selectively, due to the occurrence of specific events within the protected client system. Detection routines may output a set of scores, which may be further used by the security application to determine whether a monitored entity is malicious. 所描述的系统及方法允许保护计算机系统免受例如恶意软件及间谍软件的计算机安全威胁的侵害。在些实施例中，安全应用程序执行组检测例程以确定在所述计算机系统上