VoodooAi - A new artificial intelligence tool

Status
Not open for further replies.

void011

Thread author
Nov 25, 2015
A new artificial intelligence tool to identify threats (zero-day or not) from VoodooShield.
It works by uploading raw metadata of file(s) to the database & analyzing it.
VoodooAi extracts the features from each of the files, and uploads the raw data to the server. And actually, VoodooAi does not upload any files at all, just the metadata from the features that it extracts (which is why it is not slow). The data that it sends looks something like this: 0, 3, 63000, 1, 0... except the string is a lot bigger than that ;). Also, no personal information is uploaded at all... just the string of numbers.
VoodooAi is not intended to replace VoodooShield, but rather to complement it and most importantly to detect the unknowns and zero days.
Requires .NET 4.5 to work; the VoodooAi installer will automatically install it if not installed.
Download (0.66beta): Installer or Portable (if .NET 4.5 is already installed)
Source

Looks promising :D
 
What happens if there is no connection? Is it going to work offline too?
 
It requires an internet connection to work (for now), as I stated (sorry, unclearly) that it uploads raw metadata. It will give an error message.
P.S.: Next time you don't need to quote the whole post if it's not necessary ;)
 
Is it compatible with my config? (In my signature) Thanks.
 
Thanks for the explanation.
Unfortunately the product isn't suitable for me, since it would render the protection unusable at all if there is no protection, if that's how I see it.
 
@Anti-Malware Reviewer, for now VoodooAi is just like an on-demand scanner, thus I think it wouldn't conflict with other existing security apps. I can confirm that it really works, as I tested it with some samples from virus-exchange & clean files (though still many FPs; the Voodoo team is finding as many resources of clean files as possible to train it, as well as malicious files). They also plan to integrate VoodooAi into VoodooShield in the future.
since it would render the protection unusable at all if there is no protection
Sorry I don't get what you mean..
 
Sorry, pardon my English. What I meant is that once the internet connection is turned off, the scanner will not be functioning? Since it is relying on being online, right?
 
Yes, the scanner needs to connect to the VoodooShield servers in order to work, so you need an active internet connection.
 
Since it doesn't provide realtime protection you can use it as an on-demand scanner like ZemanaAM, HMP but no "remove/quarantine threat" button ;)
 
Keep in mind the tool still was not trained with a massive clean stuff list, so it should improve in the future. The dev is looking for 25000+ clean files to train his software, so if anyone has an idea where he can mass download them, inform him I guess.
 
but no "remove/quarantine threat" button
You can always delete/remove the suspicious file(s) manually. :p
The most important part is actually detecting which file is malicious or not, in my opinion. The rest is routine procedure (kill malicious process locking the malicious file and then delete the file, or simply delete the file on reboot).
 
Indeed a tool that can increase better detection and not too much rely on numerous engines at all, sometimes incorporating a method which is practical result to optimize more on performance. So as the description intended to use the internet for uploading the files and not as like BB/HIPS.
 
VoodooAi Beta (0.90)

Powered by IBM Watson:
http://www.ibm.com/watson/



& Microsoft Azure:
https://azure.microsoft.com/en-us/

Direct download link:
You can download the stand alone VoodooAi POC here: InstallVoodooAiPortable90.exe
