Cyber Security: AI's role in fighting Malware Malware is everywhere in cyber-space. Malevolent code is passed widely around, infecting and distorting systems. The battle against the evil code that is out there is taken on by Malware Busters - passed on to the public by security firms - working hard to protect systems from malevolent code. Artificial intelligence (AI) cannot not automatically detect and resolve every potential malware or cyber-threat incident. However, because it can be used to model of both bad and good behaviour, it can be used as a weapon against even the most advanced malware. Traditionally bad-behaviour modelling has been uses to create 'signatures' of malware that can be used to detect and remove them. Products that use good-behaviour modelling will detect many forms of malware that a signature-based tool will miss. Instead of the reactive security of the past, today's AI-based malware prevention solutions focus on delivering proactive security. Their approach is built around AI models that have inbuilt Machine Learning capabilities. They are trained to identify malware before it executes, without the use of signatures, frequent updates, or cloud connection. The AI models improve their understanding of the threat situation by machine learning and can increasingly be capable of calculating the risk of executable code damage, and then decide whether a file is safe and can be executed, or needs to be quarantined. The move from trapping malware to hunting itThreat Trapping
Threat Hunting
This new aproach is promising, but a lot of work has to be done before it can replace the old 'trap' method. Currently it is being used tentatively in conjunction with traditional forms of malware opposition. Writing in April 2021 Peter Rawlinson from Bristol University said that 'we have made ground–breaking in-roads into the detection and blocking of cyber-attacks in real-time, seeing ransomware detected within four seconds, and reducing file encryption by over 80%'. A lot of work is currently being done in Universities to explore how AI can be used more effectively to detect attacks and to combat them when they occur. In the UK Bristol University is leading the pack on this work. Professor Pete Burnap (Professor of Data Science & Cybersecurity) is at the forefront of the research into this area. |
|