Mr.Pr

So IMO they talk about machine learning like it's beyond everything we had so far, like it's always ahead of any cyber attack or something like that, but it's not true. I really insist you think about it. Machine learning, what does it mean? It means your AV is going to "learn" from attacks that it "failed" to protect you against. So it needs to fail in order to learn, you know. It is not ahead; it's always one step behind, and BB can actually be better since it's not seeking to fail in order to learn. It will protect you the first time the attack or malware is executed, and it will stop the attack if it has something to do with patterns that it knows already. So what exactly is machine learning? It's adding new behavioral patterns that they haven't seen before, and they are just too lazy to learn them and add them to the AV themselves, so that might even cause people in that company to get old in terms of knowledge and things like that...

It's not really something good; it's more like something about marketing.

That was just my 2 cents.

Eddie Morra

I think that Ai/ML technologies do help, however only when implemented with extreme care, because it is very easy to start flagging loads of clean software when the data-sets for training are not very good or when the underlying design of the Ai/ML implementation is lazy.

I personally think that at this moment in time, Ai/ML technology on its own is not going to be a reliable source of protection. I also think that many vendors who fall into the aggressive and vicious "next-generation" Ai/ML marketing are more often than not merely a waste of time.

Do you think the traditional approach: BB, signatures can compete on that, or machine learning will be the way?
In my opinion, Ai/ML technology is already a "traditional approach" and has been for several years now - it goes without saying that many of the commonly-considered "traditional vendors" may have had Ai/ML technology dating back from the year 2012 or even prior to this point, long before any of the hype next-gen marketing came along.

Below are some vendors which are using Ai/ML in some shape-or-form.
  1. Avira
  2. Avast
  3. Bitdefender
  4. BullGuard
  5. Cyren
  6. Cylance
  7. CrowdStrike
  8. Doctor Web (Dr Web)
  9. Endgame
  10. ESET
  11. Fortinet
  12. F-Secure
  13. GData
  14. Kaspersky
  15. Microsoft
  16. Qihoo 360
  17. SentinelOne
  18. SOPHOS
  19. Symantec
  20. Trend-Micro
  21. Webroot

References for the above list.
https://oem.avira.com/resources/whitepaper_AI_EN_20170717.pdf
AI & machine learning | Technology | Avast
Fighting malware with machine learning | Avast
How Is Machine Learning Used in Bitdefender Technologies?
Machine-learning powers Bitdefender’s intellectual property program
https://www.bullguard.com/press/press-releases/2017/bullguard-launches-next-generation-anti-malware-en?lang=pt-BR
Cyber Security Technology - Start Your Free 30-Day Trial
Machine Learning: What It Is, and What It Isn’t
AI and ML for Security | Resources | Cylance
A Primer on Machine Learning in Endpoint Security »
CrowdStrike Introduces Enhanced Endpoint Machine Learning Capabilities and Advanced Endpoint Protection Modules

Dr.Web Cloud is also involved in the scanning process. When Dr.Web Cloud is enabled, scanning takes place using the latest signatures and machine learning-powered technologies directly from Doctor Web’s servers. Due to the fact that Dr.Web Cloud analyses the object’s unique hash sum, and not the object itself, the verdict is made almost instantly.
Dr.Web — innovative anti-virus technologies. Comprehensive protection from Internet threats.

The Russian anti-virus company Doctor Web has released Dr.Web Security Space and Dr.Web Anti-virus for Windows 11.5. With over a year in development, the updated version incorporates a variety of new threat neutralisation techniques, including those based on machine learning. Dr.Web innovations also provide better protection for UEFI firmware, which is gradually superseding BIOS.
Source: Advanced protection technologies in Dr.Web 11.5

Endgame Ends Document-Based Phishing Attacks With Machine Learning
Machine learning by ESET: The road to Augur
Machine Learning is not new, ESET has been using it for several years already - spectator.sme.sk
Fortinet Introduces Machine Learning Capabilities to its FortiWeb Web Application Firewall for Advanced Behavioral Threat Detection
Use Machine Learning to detect advanced threats
https://www.f-secure.com/documents/10192/2377962/F-Secure-Guide-to-Detection-and-Response.pdf
https://blog.f-secure.com/taking-ai-to-the-next-level-at-f-secure/
https://www.gdatasoftware.com/blog/2018/10/31127-next-generation-antivirus-how-g-data-can-protect-customers-from-unknown-threats
https://www.gdatasoftware.com/blog/2018/11/31299-deepray-foils-cyber-crooks-business-plans
https://www.kaspersky.com/enterprise-security/wiki-section/products/machine-learning-in-cybersecurity
https://media.kaspersky.com/en/enterprise-security/Kaspersky-Lab-Whitepaper-Machine-Learning.pdf
https://support.kaspersky.com/13263
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus
https://cloudblogs.microsoft.com/microsoftsecure/2018/08/09/protecting-the-protector-hardening-machine-learning-defenses-against-adversarial-attacks/
https://blog.360totalsecurity.com/en/ai-cyber-security-360s-qvm/
https://uk.gradconnection.com/employers/qihoo-360-technology-cn/jobs/qihoo-360-technology-machine-learning-and-data-mining-engineer/
https://www.forbes.com/sites/amitchowdhry/2018/03/28/sentinelone/
https://www.sentinelone.com/blog/machine-learning-little-magic-top/
https://www.sophos.com/en-us/press-office/press-releases/2017/11/sophos-adds-deep-learning-capabilities-to-intercept-x-early-access-program.aspx
https://www.sophos.com/en-us/medialibrary/PDFs/factsheets/sophos-intercept-x-deep-learning-dsna.pdf
https://support.symantec.com/en_US/article.HOWTO125816.html
https://www.symantec.com/connect/blogs/machine-learning-new-frontiers-advanced-threat-detection
https://www.symantec.com/blogs/feature-stories/machine-learning-symantecs-past-present-and-future
https://www.trendmicro.com/en_gb/business/capabilities/machine-learning.html
https://blog.trendmicro.com/how-artificial-intelligence-and-machine-learning-are-improving-cyber-security/
https://www-cdn.webroot.com/1215/2510/8234/Machine-Learning-Webroot-Approach-WP_US.pdf
https://www.webroot.com/gb/en/business/threat-intelligence/resources

Based on this, I think it is pretty safe to say that Ai/ML is a pretty common thing now from a factual point of view, albeit no one has to agree with me on this.

As per usual, since I love the phrase "it goes without saying"... it goes without saying that there's tons of other security software solutions out there which are using Ai/ML technologies in some shape-or-form.

I recommend that anyone interested checks the following as well.

https://www.welivesecurity.com/wp-content/uploads/2017/08/NextGen_ML.pdf
https://www.welivesecurity.com/wp-content/uploads/2018/08/Can_AI_Power_Future_Malware.pdf
https://cdn1.esetstatic.com/ESET/US/resources/white-papers/ESETus-whitepaper-NextGen_FIN.pdf

https://www.welivesecurity.com/2017/04/18/pr-reality-collide-truth-machine-learning-cybersecurity/
https://www.welivesecurity.com/2017/04/11/fighting-post-truth-reality-cybersecurity/
https://www.welivesecurity.com/2017/04/12/dont-buy-elixir-youth-machine-learning-not-magic/
https://www.welivesecurity.com/2017/04/25/machine-learning-math-cant-trump-smart-attackers/
https://www.welivesecurity.com/2017/11/13/transparency-machine-learning-algorithms/
https://www.welivesecurity.com/2017/05/09/false-positives-can-costly-malware-infection/

I can also provide book titles to anyone who is interested in studying Ai/ML technology on a more educational, informative and technical level... feel free to ask me and I can provide, but you'll have to either purchase or find them yourself using the titles.

it means your AV gonna "learn" from attacks that it "failed" to protect you against. so it needs to fail to learn you know
As far as I know, Ai/ML technologies which are implemented into software in the security software market usually work by flagging samples which are ((x)% > trained data) or ((x)% < trained data).

Usually, the trained data will be controlled by the vendor, allowing the Ai/ML implementation to flag anything unlike it or like it, depending on how they designed the implementation: they might want it to flag any sample whose characteristics are unlike the characteristic data the Ai/ML implementation was trained with, or they could do the same for any sample that doesn't have the characteristics the Ai/ML implementation was trained with.

There are many different Ai/ML models, and each one would have its own appropriate use cases and would be ideal for different things.
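
As an added illustration of the two flagging rules described in the post above (not Eddie Morra's code, and not any vendor's model), here is a toy Python classifier that fits a clean centroid and a malicious centroid over constructed two-feature samples, then applies "flag anything unlike the clean data" (rule 1, with a sigma threshold) and "flag anything closer to the malicious data" (rule 2). The feature names, every training and hold-out vector, and the thresholds are all assumptions made up for this example; the point is to see how the false-positive rate moves with the threshold and why a packed legitimate installer gets caught while a dropper that keeps its profile ordinary is missed.

```python
"""
Toy illustration of the two flagging rules: "unlike the clean training data"
versus "like the malicious training data". Every feature vector below is
constructed for this example; the two features (entropy of the largest
section and the fraction of imports from a hypothetical suspicious-API list)
are stand-ins for whatever a real vendor extracts, and nothing here is any
product's model.
"""
from statistics import mean, pstdev

# Constructed training data: (entropy of largest section, suspicious-import ratio).
CLEAN_TRAIN = [(5.8, 0.02), (6.2, 0.06), (5.6, 0.02), (6.4, 0.06),
               (5.8, 0.04), (6.2, 0.04), (5.6, 0.00), (6.4, 0.08)]
MALICIOUS_TRAIN = [(7.6, 0.40), (7.8, 0.50), (7.4, 0.30), (8.0, 0.60),
                   (7.6, 0.45), (7.8, 0.35), (7.4, 0.55), (8.0, 0.45)]

# Constructed hold-out data the model never saw, including the awkward cases:
# a legitimately packed installer (7.5, 0.08), a chatty system utility with
# many flagged imports (6.0, 0.16), and a dropper that keeps its entropy and
# import profile deliberately ordinary (6.1, 0.06).
CLEAN_TEST = [(6.0, 0.04), (6.3, 0.06), (7.5, 0.08), (6.0, 0.16)]
MALICIOUS_TEST = [(7.8, 0.50), (7.2, 0.30), (6.1, 0.06), (7.9, 0.40)]


def fit(samples):
    """Per-feature mean and population std-dev; a zero std-dev falls back to 1.0."""
    return [(mean(col), pstdev(col) or 1.0) for col in zip(*samples)]


def zdistance(sample, model):
    """RMS z-score: roughly how many standard deviations the sample sits from the centroid."""
    sq = [((v - m) / s) ** 2 for v, (m, s) in zip(sample, model)]
    return (sum(sq) / len(sq)) ** 0.5


def flag_unlike_clean(sample, clean_model, threshold):
    """Rule 1: flag anything more than `threshold` sigmas away from the clean data."""
    return zdistance(sample, clean_model) > threshold


def flag_like_malicious(sample, clean_model, malicious_model):
    """Rule 2: flag when the sample is closer to the malicious centroid than to the clean one."""
    return zdistance(sample, malicious_model) < zdistance(sample, clean_model)


def evaluate(rule, clean_test, malicious_test):
    """Return (false-positive rate, detection rate) for a boolean rule."""
    fp = sum(rule(s) for s in clean_test) / len(clean_test)
    tp = sum(rule(s) for s in malicious_test) / len(malicious_test)
    return fp, tp


def sweep_threshold(thresholds):
    """(threshold, false-positive rate, detection rate) of rule 1 at each threshold."""
    clean_model = fit(CLEAN_TRAIN)
    return [(t, *evaluate(lambda s: flag_unlike_clean(s, clean_model, t),
                          CLEAN_TEST, MALICIOUS_TEST)) for t in thresholds]


def compare_rules():
    """(fp, tp) for rule 1 at a 3-sigma threshold, then for rule 2."""
    clean_model, mal_model = fit(CLEAN_TRAIN), fit(MALICIOUS_TRAIN)
    unlike = evaluate(lambda s: flag_unlike_clean(s, clean_model, 3.0),
                      CLEAN_TEST, MALICIOUS_TEST)
    like = evaluate(lambda s: flag_like_malicious(s, clean_model, mal_model),
                    CLEAN_TEST, MALICIOUS_TEST)
    return unlike, like


if __name__ == "__main__":
    for t, fp, tp in sweep_threshold([0.5, 1.0, 3.0, 4.0]):
        print(f"threshold {t:>3}: false positives {fp:.0%}, detected {tp:.0%}")
    print("unlike-clean @3 sigma vs like-malicious:", compare_rules())
```

Running it shows the trade-off the thread keeps circling back to: loosening rule 1 far enough to catch the ordinary-looking dropper also flags the packed installer and the chatty utility, while tightening it to zero false positives leaves that dropper undetected. Rule 2 flags fewer clean files on this data but misses the same sample, because the gap is in the features and training set, not in the rule.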

Deleted member 178

Ai/ML at its current state is just marketing crap, mostly made by opportunist low-class vendors to boost sales after they saw Cylance getting massive funds... Ridiculous...

Ai/ML can't be effective alone. Look at ESET, Symantec and Microsoft: they have been on it for years, long before the hype. Do you see any of their products labeled and advertised as standalone ML/Ai software? No, because it is not yet reliable all by itself.
Look at Cylance: people here who are using it don't dare to use it alone; they have to add something alongside (usually default-deny apps).

Maybe in 10 years it may be useful.
At the moment, default-deny is your best solution.

Eddie Morra

It seems to be common for new kids on the block to run to mama and papa smurf as well... meanwhile, vendors like Avira and ESET are wearing extra-large boxers and aren't necessarily cuddling Microsoft Azure or Amazon Web Service but focusing more on in-house.

Anyone can make an Ai/ML model implementation when most of the hard-work for processing is automated and handled for you... the real task is doing a majority of it in-house. Good luck hiring for it, Google are already paying the best to stick with them, and funding a team of employees with real-world experience for these topics (especially with experience working with large companies like Microsoft, Google, Apple, etc. on things like Ai/ML) is not going to come cheap.

JM Safe

From Zemana
AI is an alternative to the other protection approaches (AV with signatures, BB, HIPS, default deny, etc.). Unfortunately, I think AI is not so reliable nowadays; I think those products give lots of false positives. Obviously no security is 100% perfect and reliable and without false positives, but for now I don't like AI very much. We will see what the future brings for us.

Deleted member 178

I would also say a good default-deny solution is the best at this time but not sure how common users would like it.
They won't; that is why it is a niche market for geeks only.
Average Joe is lazy and unwilling to learn. They pay, so they expect everything to be done automatically and efficiently while they spend the day on social media clicking every malicious link that fits their interests.