Embodiments of the present disclosure provide for improved capabilities in the detection of malware, where malware threats are detected through the accumulated identification of threat characteristics for targeted computer objects. Methods and systems include dynamic threat detection providing a first database that correlates a plurality of threat characteristics to a threat, wherein a presence of the plurality of the threat characteristics confirms a presence of the threat; detecting a change event in a computer run-time process; testing the change event for a presence of one or more of the plurality of characteristics upon detection of the change event; storing a detection of one of the plurality of characteristics in a second database that accumulates detected characteristics for the computer run-time process; and identifying the threat when each one of the plurality of characteristics appears in the second database.
展开▼