AI-based AV solution can be bypassed by adding gaming code to malware
Researchers have disclosed that they were able to repeatedly sneak malware past a leading AI-based endpoint security solution simply by appending benign code strings from a video game file to the malicious code.
The solution, CylancePROTECT, from Cylance and its parent company BlackBerry, failed to detect almost 90 percent of the 384 malware programs that researchers amended with the gaming code, according to a company blog post published yesterday by Sydney, Australia-based Skylight Cyber. And it missed 100 percent of the top 10 malwares of May 2019.
Skylight researchers decided to used the video game code to create a “universal bypass” exploit after a careful analysis of the CylancePROTECT’s engine and model found that the security solution had a demonstrated a “bias” for a popular game. (Skylight has not publicly revealed the name of the game.)
The AI model’s bias was the result of Cylance programmers whitelisting certain executables from the video game, perhaps to avoid these executables from generating false positives in the antivirus solution. With that in mind, Skylight researchers extracted strings from the game’s main executable and added them to the end of the malware files to make them look harmless.
The exploit worked. The CylancePROTECT solution, which scores files from -1000 (most malicious) to +1000 (most benign), originally applied a score of -852 to a malicious version of Mimikatz. After researchers appended the video game code, CylancePROTECT changed the score to a +999.
While this technique was specifically meant to work on Cylance, the researchers warn that malicious actors could similarly analyze other AI-based malware detection solutions for weaknesses or biases and devise ways to bypass them. In its blog post report, Skylight says that its analysis of the Cylance product involved studying its logs, reverse engineering code, learning its inner workings via patent submissions and public talks and using static and dynamic analysis to dissect Cylance’s file scoring process.
“BlackBerry Cylance is aware that a bypass has been publicly disclosed by security researchers. We have verified there is an issue with CylancePROTECT which can be leveraged to bypass the anti-malware component of the product,” the Cylance team declared in an official corporate statement yesterday. “Our research and development teams have identified a solution and will release a hotfix automatically to all customers running current versions in the next few days. More information will be provided as soon as it is available.”
“This research underscores that artificial intelligence hasn’t achieved the level of smarts to match the hype. Machine learning can’t go toe-to-toe with sophisticated programmers behind today’s malware,” said Pat Ciavolella, digital security and operations director for The Media Trust, in emailed comments. “AI-based solutions have built-in biases and blinders that prevent them from detecting, let alone anticipating, new, increasingly sophisticated malware being launched every second. The most iron-clad cybersecurity defense is a combination of AI and a digital security team trained in identifying new malware cloaked in numerous forms of appended or obfuscated code.”
Gloss