VoodooAi - A new artificial intelligence tool

Status
Not open for further replies.

void011

Level 2
Thread author
Verified
Nov 25, 2015
51
A new artificial intelligence tool to identify threats (zero-day or not) from VoodooShield.
It works by uploading raw metadata of file(s) to the database & analyzing it.
VoodooAi extracts the features from each of the files, and uploads the raw data to the server. And actually, VoodooAi does not upload any files at all, just the metadata from the features that it extracts (which is why it is not slow). The data that it sends looks something like this: 0, 3, 63000, 1, 0... except the string is a lot bigger than that ;). Also, no personal information is uploaded at all... just the string of numbers.
VoodooAi is not intended to replace VoodooShield, but rather to complement it and most importantly to detect the unknowns and zero days.
Requires .NET 4.5 to work; the VoodooAi installer will automatically install it if not installed.
Download (0.66beta): Installer or Portable (if .NET 4.5 is already installed)
Source

Looks promising :D
 

CMLew

Level 23
Verified
Well-known
Oct 30, 2015
1,251
A new artificial intelligence tool to identify threats (zero-day or not) from VoodooShield.
It works by uploading raw metadata of file(s) to the database & analyzing it.

Requires .NET 4.5 to work; the VoodooAi installer will automatically install it if not installed.
Download (0.66beta): Installer or Portable (if .NET 4.5 is already installed)
Source

Looks promising :D

What happens if there is no connection? Is it going to work offline too?
 

void011

It requires an internet connection to work (for now) as I stated (sorry unclearly) that it uploads raw metadata. It will give an error message.
P/s: Next time you don't need to quote the whole post if not so necessary ;)
 

Deleted Member 333v73x

Is it compatible with my config? (In my signature) Thanks.
 

CMLew

It requires an internet connection to work (for now) as I stated (sorry unclearly) that it uploads raw metadata. It will give an error message.
P/s: Next time you don't need to quote the whole post if not so necessary ;)

Thanks for the explanation.
Unfortunately the product isn't suitable for me, since it would render the protection unusable at all if there is no protection, if that's how I see it.
 

void011

@Anti-Malware Reviewer for now VoodooAi is just like an on-demand scanner, thus I think it wouldn't conflict with other existing security apps. I can confirm that it really works as I tested it with some samples from virus-exchange & clean files (though still many FPs, Voodoo team is finding resources of clean files as many as possible to train it as well as malicious files). They also plan to integrate VoodooAi into VoodooShield in future.
since it would render the protection unusable at all if there is no protection
Sorry I don't get what you mean..
 

DracusNarcrym

Level 20
Verified
Top Poster
Well-known
Oct 16, 2015
970
This tool indeed looks promising.
I'd like to see or make a comparison of online executable analysis services, such as Valkyrie by COMODO and VoodooAi.
This type of technology is going to be an essential part of modern security solutions (apparently it already is for many products).
 

CMLew

Sorry, pardon my English. What I meant is that once the internet connection is turned off, the scanner will not be functioning? Since it is relying on being online, right?
 

SHvFl

Level 35
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Nov 19, 2014
2,342
Sorry, pardon my English. What I meant is that once the internet connection is turned off, the scanner will not be functioning? Since it is relying on being online, right?
Yes, the scanner needs to connect to the VoodooShield servers in order to work, so you need an active internet connection.
 

void011

Sorry, pardon my English. What I meant is that once the internet connection is turned off, the scanner will not be functioning? Since it is relying on being online, right?
Since it doesn't provide realtime protection you can use it as an on-demand scanner like ZemanaAM, HMP but no "remove/quarantine threat" button ;)
 

SHvFl

Keep in mind the tool still was not trained with a massive clean stuff list, so it should improve in the future. The dev is looking for 25000+ clean files to train his software, so if anyone has an idea where he can mass download them, inform him, I guess.
 

DracusNarcrym

but no "remove/quarantine threat" button
You can always delete/remove the suspicious file(s) manually. :p
The most important part is actually detecting which file is malicious or not, in my opinion. The rest is routine procedure (kill malicious process locking the malicious file and then delete the file, or simply delete the file on reboot).
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Indeed a tool that can increase better detection and not too much rely on numerous engines at all, sometimes incorporating a method which is practical result to optimize more on performance. So as the description intended to use the internet for uploading the files and not as like BB/HIPS.
 

Lucent Warrior

VoodooAi Beta (0.90)

Powered by IBM Watson:
http://www.ibm.com/watson/



& Microsoft Azure:
https://azure.microsoft.com/en-us/

Direct download link:
You can download the stand alone VoodooAi POC here: InstallVoodooAiPortable90.exe

 