Unknown malware is commonly used in advanced attacks, in particular APTs (Advanced Persistent Threat), to avoid being detected. For example, a targeted attack using phishing email weaponized with unknown malwares can easily achieve a successful initial compromise. Thus, for detection of advanced attacks, special attention and defense measurements should be taken to detect unknown malwares. This Recommendation analyzes threats related to unknown malwares and specifies requirements of unknown malware detection based on dynamic behavior analysis.