Security News AI quickly cooks malware that AV software can't spot

HarborFront

Level 72
Thread author
Verified
Top Poster
Content Creator
Oct 9, 2016
6,141
DEF CON Machine-learning tools can create custom malware that defeats antivirus software.

In a keynote demonstration at the DEF CON hacking convention Hyrum Anderson, technical director of data science at security shop Endgame, showed off research that his company had done in adapting Elon Musk’s OpenAI framework to the task of creating malware that security engines can’t spot.

The system basically learns how to tweak malicious binaries so that they can slip past antivirus tools and continue to work once unpacked and executed. Changing small sequences of bytes can fool AV engines, even ones that are also powered by artificial intelligence, he said. Anderson cited research by Google and others to show how changing just a few pixels in an image can cause classification software to mistake a bus for an ostrich.

“All machine learning models have blind spots,” he said. “Depending on how much knowledge a hacker has they can be convenient to exploit.”

So the team built a fairly simple mechanism to develop weaponised code by making very small changes to malware and firing these variants at an antivirus file scanner. By monitoring the response from the engine they were able to make lots of tiny tweaks that proved very effective at crafting software nasties that could evade security sensors.

The malware-tweaking machine-learning software was trained over 15 hours and 100,000 iterations, and then lobbed some samples at an antivirus classifier. The attacking code was able to get 16 per cent of its customized samples past the security system’s defenses, we're told.

This software-generation software will be online at the firm’s Github page and Anderson encouraged people to give it a try. No doubt security firms will also be taking a long look at how this affects their products in the future. ®

Read more; AI quickly cooks malware that AV software can't spot
 
Last edited by a moderator:
5

509322

I was waiting for something like this to be reported as I knew it would be just a matter of time: "Ai defeats Ai security solution." So your "Next-Gen Ai" wonder-security-soft-weapon is statistically no better than current "non-Next Gen" solutions.

In fact, you don't even need Ai to defeat Next Gen Ai.
 
Last edited by a moderator:
D

Deleted member 178

I was waiting for something like this to be reported as I knew it would be just a matter of time: "Ai security solution defeats Ai security solution." So your "Next-Gen Ai" wonder-security-soft-weapon is statistically no better than current "non-Next Gen" solutions.

In fact, you don't even need Ai to defeat Next Gen Ai.
i was waiting for it too, it was obviously expected. So much for Ai/machine learning, i knew it was all talk...
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
The new malware may be self-aware, and this is definitely a problem.
But if we think that many "normal" malware, when started in a sandbox, delay their execution for hours, days or even weeks, to fool security products and analysts, well, then this is already a level of intelligence.
 

Windows_Security

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 13, 2016
1,298
Artificial Intelligence (AI) engines are champions in answering the "looks like" (diagnostic) question, like a doctor relates your symptoms to a disease.

Heuristics can determine new variants of existing malware families, AI took this a giant step further by being able to recognizing unknown variants of existing malware in terms of (PE) data & origin patterns. AI is the next level of PE/reputation analysis/heuristics , like sand boxing is the next step of Code emulation. AI may be over-hyped but it is already part of a few "traditional" AV's and will be part of every AV in one to two years.

The picture below explains where Artificial Intelligence-Machine learning is good at (with current technology). Artificial intelligence determines that sample A looks like goodware and sample B looks like malware. Machine Learning is the part that promotes (characteristics of) unknown Sample A and B to the reference sets they were close to. After this process the reference data set has increased in size and reliability..

upload_2017-8-5_13-0-20.png
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top