Signal Detectors

There are a few ways in which detectors can be written; the two main kinds are called holistic and static.

Holistic detectors are based on the behaviour of the attack. For example, instead of looking for a particular executable, you look for a particular pattern of behaviour, such as touching certain files and then running a script.

Static detectors look for a specific file or executable rather than for an adversary behaviour.
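As an added example (not code from the original page), here is a toy implementation of both detector kinds run over constructed sample telemetry: the static detector matches one named artefact, while the holistic detector correlates a watched-file touch followed by a script launch on the same host within a time window. The log format, paths, event names and the `evil.exe` indicator are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry, not from any real system.
# One event per line: "timestamp|host|event_type|detail".
SAMPLE_LOG = """\
2024-01-01T10:00:00|hostA|file_touch|/etc/cron.d/job
2024-01-01T10:00:20|hostA|process_start|/bin/sh -c /tmp/run.sh
2024-01-01T10:05:00|hostB|process_start|/usr/bin/evil.exe
2024-01-01T11:00:00|hostC|file_touch|/etc/cron.d/job
2024-01-01T13:00:00|hostC|process_start|/bin/sh -c /tmp/run.sh
"""


def parse(log):
    """Turn the pipe-separated log into (timestamp, host, type, detail) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, host, etype, detail = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), host, etype, detail))
    return events


def static_detector(events, indicator="evil.exe"):
    """Static: fire when a process start references one specific binary name.

    Cheap and precise, but a renamed binary evades it entirely.
    """
    return [host for _, host, etype, detail in events
            if etype == "process_start" and indicator in detail]


def holistic_detector(events, watched="/etc/cron.d/",
                      window=timedelta(minutes=5)):
    """Holistic: fire on the behaviour 'touch a watched file, then run a
    script on the same host within `window`', whatever the binary is called.
    """
    hits = []
    last_touch = {}  # host -> time of the most recent watched-file touch
    for ts, host, etype, detail in sorted(events):
        if etype == "file_touch" and detail.startswith(watched):
            last_touch[host] = ts
        elif etype == "process_start" and ".sh" in detail:
            touched = last_touch.get(host)
            if touched is not None and ts - touched <= window:
                hits.append(host)
    return hits


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("static hits:  ", static_detector(evs))    # ['hostB']
    print("holistic hits:", holistic_detector(evs))  # ['hostA']
```

Note that hostC touches the watched file and later runs a script but falls outside the five-minute window, so the holistic rule stays quiet there; tuning that window is where most of the false-positive/false-negative trade-off lives.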
