FEATURE August 2013 Computer Fraud & Security 11 Malware detection by behavioural sequential patterns Traditional signature-based malware detection techniques are the basis of many industrial anti-virus products. These techniques are preferred because of their high detection rate versus low false alarms. Because false alarms can cause loss of useful and harmless information and executables, products with high false alarm rates have never been acceptable as standalone security products. Even though signature-based techniques do not suffer from these pitfalls, these approaches do have a Mansour Ahmadi, Young Researchers and Elite Club, Shiraz Branch, Iran; Ashkan Sami, Hossein Rahimi, Babak Yadegari, Shiraz University, Iran For many years, malware has been the subject of intensive study by researchers in industry and academia. Malware production, while not being an organised business, has reached a level where automatic malicious code generators/ engines are easily found. These tools are able to exploit multiple techniques for countering anti-virus (AV) protections, from aggressive AV killing to passive evasive behaviours in any arbitrary malicious code or executable. Development of such techniques has lead to easier creation of malicious executables. Consequently, an unprecedented prevalence of new and unseen malware is being observed. Reports suggested a global, annual economic loss due to malware exceeding $13bn in 2007. 1