Conventional anti-virus software can detect known viruses, but is ineffective against new malware, or so-called zero-day attacks.
The new technique involves logging suspicious activity on individual computers on a network and matching it against activity logged on other connected systems.
"The question is whether I should shut down the network and risk losing business for a couple of hours for what could be a false alarm, or keep it running and risk getting infected," said Senthil Cheetancheri, a UC Davis graduate student who led efforts to develop the strategy.
"One suspicious activity in a network with 100 computers can't tell you much. But when you see half a dozen activities and counting, you know that something's happening."
The second part of the system is an algorithm that rates the cost of shutting down a computer against the cost of letting malware run loose on the network. The software can either allow the IT manager to make a decision, or be configured to take action automatically.
The system can also evaluate the importance of individual machines. For example, the cost of taking down a network server is much higher than that of a seldom-used computer, so the algorithm would shut down the latter, less valuable, system first.
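The trade-off described above can be sketched in a few lines of Python; this is an added illustration, not the UC Davis team's code. The Poisson alert model, the prior, the host names and every cost figure are assumptions constructed for the example.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    downtime_cost: float   # assumed cost of taking the host offline
    infection_cost: float  # assumed cost if malware compromises it

# Constructed inventory (hypothetical names and costs).
HOSTS = [
    Host("file-server", 12000, 20000),
    Host("dev-workstation", 400, 3000),
    Host("spare-laptop", 50, 2000),
]

PRIOR = 0.01            # assumed prior probability that an attack is under way
FALSE_ALARM_MEAN = 1.0  # assumed mean alerting hosts per window with no attack
ATTACK_MEAN = 6.0       # assumed mean alerting hosts per window during an attack

def attack_probability(alerting_hosts: int) -> float:
    """Posterior probability of an attack given how many hosts raised alerts.

    Assumes the alert count is Poisson under both hypotheses, so the
    likelihood ratio is (l1/l0)^k * exp(l0 - l1).
    """
    ratio = (ATTACK_MEAN / FALSE_ALARM_MEAN) ** alerting_hosts
    ratio *= math.exp(FALSE_ALARM_MEAN - ATTACK_MEAN)
    odds = PRIOR / (1 - PRIOR) * ratio
    return odds / (1 + odds)

def shutdown_plan(alerting_hosts: int, hosts=HOSTS) -> list[str]:
    """Hosts worth shutting down, least valuable first.

    A host is shut down when the expected loss from leaving it running
    (attack probability * infection cost) exceeds its downtime cost.
    """
    p = attack_probability(alerting_hosts)
    at_risk = [h for h in hosts if p * h.infection_cost > h.downtime_cost]
    return [h.name for h in sorted(at_risk, key=lambda h: h.downtime_cost)]

if __name__ == "__main__":
    for k in (1, 4, 5, 6):
        print(k, round(attack_probability(k), 4), shutdown_plan(k))
```

With these constructed figures a single alert triggers nothing, while the server is only taken down once six hosts have reported.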
The team has developed an experimental detection engine and is now trying to make sure that it runs without hogging server time and bandwidth and interfering with other applications.