Cutting through the Noise: Is It AI or Pattern Matching?

Poll: Do you trust/believe in "Next Gen - AI" products? (23 voters)

XhenEd
Mar 1, 2014
So, at home we are the actual ML, AI for all the AV companies.
I wouldn't say we're ML or AI because we are not machines or artificial beings. :D

In the end, the ultimate goal for ML is actually increasing accuracy in detecting especially zero-day malware while at the same time aiming to reduce the false positive rate.
Precisely! :)
 

Emmanuellws
Mar 11, 2017
Since all AVs have a business and a home version... Do you guys think that companies that have ML in their business version get help in terms of updating the home version's virus definitions with the latest malware threats? I just suspect this is the case now, since businesses are the most exposed to zero-day threats. When I went through some AV for home/personal test results online, for those that have ML in their business version, the home versions can detect and protect 100% and have the lowest false positives. What do you guys think? Do you think those who have ML in their business version can actually help other versions in their line of products?
 

XhenEd
Mar 1, 2014
I think so. In fact, I think there would only be one overall ML for businesses and home bases. Of course, there will be differences in operation to optimize detection and categorization, but it works for them as one. But I don't have anything to back up my belief, so mine is just speculation. :D
 

Emmanuellws
Mar 11, 2017
Look at this, what ML is all about. Based on the Magic Quadrant for Next Gen endpoint protection (2016, outdated):
[attached image: upload_2017-4-24_10-47-31.png]


Under Strategic Planning Assumption it is stated: Restrict Executables that have not been pre-inspected. (Is this AI/ML?)

[attached image: upload_2017-4-24_10-50-20.png]


Based on Gartner's Quadrant (early 2016, not updated), the "Leaders" section holds the ones that have major market share but have not necessarily focused on integrating ML/AI as their main feature up till now; however, under "Visionaries" are the ones that are focusing on and redeveloping around machine learning or AI capability. Only Cylance does not integrate antivirus around their "maths" based detection product.

Real World Detection Test (AV-Comparatives), Feb 2017 and Mar 2017:
Proves that those that have ML with AV really do protect.
 

MalwareTypes
Nov 7, 2014
Example of what real AI is supposed to be:
Hmmm...I receive a new email.
Ok, someone from Amazon sent me an email with the title "Please review your order package from Amazon".
Let me log in to my Amazon account. Weird, I never ordered anything.
Ok, back to my email. The content looks legit, with my order number and my name. There's an Excel file attached to it.
Oh well, let's take a look at the attachment.
Let's scan it with my most powerful antivirus, the one with the largest updated database in the world.....hmmm.....It is clean!
Opening now.....wait...it is asking me to enable editing when all I want to do is just look at its content...
Ok, sorry, can't continue.
Let me upload it to a sandbox first and execute it......ok....there is some interesting stuff happening here....
Oh...wait...it encrypts all the files in the sandbox and shows some messages. It is a zero-day ransomware!
Ok, deleting the email now and flagging it as malware. Done.

Why like that?

- Someone from Amazon sent me a message with the title "Please review your order package from Amazon"
- I manually go to the Amazon site and log in
- Nothing on the actual Amazon page
- Delete message

Done.
 

Emmanuellws
Mar 11, 2017
hehehe....that way works too. But to learn about the suspicious email attachment, you need to upload it to a sandbox, get the analysis result and classify it as malware or a good application. That completes a machine learning process :)
 
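The loop the two posts above describe (detonate the attachment in a sandbox, read the report, classify), as an added example that is not code from the original thread: a signature that keys on strings seen in known families is run beside a small logistic-regression model trained on behavioural features from the same reports, and both are then asked about a sample whose strings are all new. The sandbox reports, the signature set, the feature choice and the sample names are all constructed for illustration; the model is plain Python so it runs offline with no third-party packages.

```python
"""Pattern matching vs. a learned model, run over constructed sandbox reports.

Assumed, not from the thread: the report fields, the signature set and the
feature choice are illustrative. Pure-Python logistic regression, no sklearn.
"""
import math

# Constructed sandbox reports (not output of any real sandbox). Each summarises
# what a detonated attachment did: files modified, fraction of them renamed to
# a new extension, number of directories a note file was dropped in, whether
# volume shadow copies were deleted, whether the Office host spawned a shell.
# "label" is the analyst's ground truth (1 = malware).
REPORTS = {
    "order_12345.xlsx (benign invoice)": dict(
        label=0, files_modified=2, renamed_fraction=0.0, note_dirs=0,
        shadow_delete=False, office_child=False, new_ext=None, note_name=None),
    "setup.exe (benign installer)": dict(
        label=0, files_modified=180, renamed_fraction=0.0, note_dirs=0,
        shadow_delete=False, office_child=False, new_ext=None, note_name=None),
    "report.xlsm (benign macro, runs powershell)": dict(
        label=0, files_modified=4, renamed_fraction=0.0, note_dirs=0,
        shadow_delete=False, office_child=True, new_ext=None, note_name=None),
    "ransom_A.xlsm (known family)": dict(
        label=1, files_modified=150, renamed_fraction=0.95, note_dirs=40,
        shadow_delete=True, office_child=True, new_ext=".locked",
        note_name="HOW_TO_DECRYPT.txt"),
    "ransom_B.exe (known family)": dict(
        label=1, files_modified=120, renamed_fraction=0.90, note_dirs=25,
        shadow_delete=False, office_child=False, new_ext=".crypt",
        note_name="README_FOR_DECRYPT.html"),
}

# The "zero-day": same behaviour, but every string a signature could key on is new.
ZERO_DAY = dict(
    label=1, files_modified=130, renamed_fraction=0.90, note_dirs=30,
    shadow_delete=True, office_child=True, new_ext=".zzz",
    note_name="RESTORE_FILES.txt")

# --- Pattern matching: a signature is a set of strings seen in past samples ---
KNOWN_EXTENSIONS = {".locked", ".crypt"}
KNOWN_NOTE_NAMES = {"HOW_TO_DECRYPT.txt", "README_FOR_DECRYPT.html"}


def signature_verdict(report):
    """True if the report contains an indicator string from a known family."""
    return (report["new_ext"] in KNOWN_EXTENSIONS
            or report["note_name"] in KNOWN_NOTE_NAMES)


# --- Learned model: behaviour is turned into numbers, strings are ignored ---
def features(report):
    """Behavioural feature vector, each component scaled to roughly 0..1."""
    return [
        min(report["files_modified"], 200) / 200.0,   # bulk modification
        report["renamed_fraction"],                    # files given a new extension
        1.0 if report["note_dirs"] >= 3 else 0.0,     # note dropped in many folders
        1.0 if report["shadow_delete"] else 0.0,      # backups destroyed
        1.0 if report["office_child"] else 0.0,       # Office spawned a shell
    ]


def _sigmoid(z):
    z = max(-60.0, min(60.0, z))
    return 1.0 / (1.0 + math.exp(-z))


def train(samples, epochs=3000, lr=0.5):
    """Full-batch gradient descent on logistic loss; samples are (x, y) pairs."""
    n = len(samples[0][0])
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * n, 0.0
        for x, y in samples:
            err = _sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            for i in range(n):
                grad_w[i] += err * x[i]
            grad_b += err
        m = len(samples)
        w = [wi - lr * g / m for wi, g in zip(w, grad_w)]
        b -= lr * grad_b / m
    return w, b


def score(model, report):
    """Probability that the report describes malware, under the trained model."""
    w, b = model
    return _sigmoid(sum(wi * xi for wi, xi in zip(w, features(report))) + b)


def build_model():
    """Train only on the labelled reports; the zero-day is never seen."""
    return train([(features(r), float(r["label"])) for r in REPORTS.values()])


def verdicts(model, report):
    """Both verdicts side by side for one report."""
    return {"signature": signature_verdict(report), "model": score(model, report) > 0.5}


if __name__ == "__main__":
    model = build_model()
    for name, rep in list(REPORTS.items()) + [("zero_day.xlsm (new strings)", ZERO_DAY)]:
        v = verdicts(model, rep)
        print(f"{name:45s} signature={v['signature']!s:5s} model={score(model, rep):.2f}")
```

The point the thread circles around shows up in the output: the signature misses the sample with the new extension and note name because it has never seen those strings, while the model scores it as malware because what it did looks like what the known families did. The benign macro document shows the limit of a single indicator (Office spawning a shell is a feature, not a verdict), and the benign installer is there so that "writes many files" alone cannot become the trigger. A real engine trains on far more samples and far richer features, but the split between matching remembered strings and scoring observed behaviour is the same.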
