
Thu, 04/15/2021, 11:15 - 11:30
Format: Technology lecture
In recent years, cybercriminals have been able to shift the economic burden in the endless cat-and-mouse game of IT security onto the defenders. Malware authors constantly shorten the update cycle of their malicious software by automatically applying obfuscation layers to their samples. They also sharply limit the amount of their own code visible on a machine by using stock tools in so-called "living-off-the-land" attacks, or avoid storing their malware on disk at all, a technique known as "fileless malware".
All of these techniques specifically limit the effectiveness of traditional static pattern detection. From the attackers' point of view, these techniques are relatively cheap to implement. On the other hand, attacks using these techniques significantly raise costs for defenders to ...