Published on July 19th, 2019

Cylance & AI based antivirus fooled to avoid malware detection



A group of web application security specialists designed a method to bypass Cylance’s antivirus solution, powered by artificial intelligence software. Using this method, specialists managed to trick this antivirus, making it think that malware variants like WannaCry are legitimate software. 

Among members of the cybersecurity community, artificial intelligence is believed to be the ultimate solution for malware detection. Supporters of this idea claim that its use would significantly improve the capabilities of conventional antiviruses, as artificial intelligence is able to find updated versions of known malware and even unregistered flaws, such as zero-day vulnerabilities.

Security firm BlackBerry Cylance has opted for the development of an artificial intelligence engine for PROTECT, its endpoint malware protection system. “This tool can anticipate malicious actors even for years,” the firm’s web application security experts say.

However, the research, published by Vice, states that experts have already developed a method to circumvent detection by this machine learning algorithm. Generally, hackers alter the source code of the malware to try to dodge antivirus programs. In this case, researchers developed a method that consists of taking some strings from legitimate software and adding them to the code of the malware, so that it is detected as a conventional program.





According to web application security experts,
this approach was successful because Cylance’s machine learning algorithm
focuses primarily on detecting benign software, ignoring malware’s own
elements. In addition, this approach works even if the Cylance engine
previously concluded that the same file was malicious, before the common
software strings were added to it.
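A toy model of the bias described above, added here as an illustration; it is not Cylance's engine or code from the research, and the feature strings, weights and threshold are constructed assumptions. It contrasts a scorer in which benign-looking strings can cancel malicious evidence with a monotonic scorer, where content added to a file can never lower its score.

```python
# Constructed toy weights (assumptions): positive = evidence of malice,
# negative = "looks like ordinary software".
WEIGHTS = {
    "vssadmin delete shadows": 3.0,
    "CryptEncrypt": 1.5,
    "Check for updates": -1.0,
    "Options Menu": -1.0,
    "Copyright (c) Example Software": -1.5,
    "Thank you for installing": -1.0,
}
THRESHOLD = 2.0  # score at or above this is flagged


def features(blob: bytes) -> set:
    """Return every known feature string present anywhere in the file bytes."""
    return {f for f in WEIGHTS if f.encode() in blob}


def additive_score(blob: bytes) -> float:
    """Weak design: benign evidence is allowed to cancel malicious evidence."""
    return sum(WEIGHTS[f] for f in features(blob))


def monotonic_score(blob: bytes) -> float:
    """Hardened design: only malicious evidence counts, so adding bytes to a
    file can keep or raise the score but never reduce it."""
    return sum(WEIGHTS[f] for f in features(blob) if WEIGHTS[f] > 0)


def verdict(score: float) -> str:
    return "malicious" if score >= THRESHOLD else "benign"


# Constructed sample: a stand-in for a flagged file, then the same bytes with
# strings from ordinary software appended (the change the article describes).
SAMPLE = b"MZ\x90\x00" + b"CryptEncrypt\x00vssadmin delete shadows\x00"
PADDED = SAMPLE + b"\x00".join(
    f.encode() for f, w in WEIGHTS.items() if w < 0
)

if __name__ == "__main__":
    for name, blob in (("original", SAMPLE), ("padded", PADDED)):
        print(name,
              "additive:", verdict(additive_score(blob)),
              "monotonic:", verdict(monotonic_score(blob)))
```

The additive scorer flips to "benign" on the padded file even though it flagged the original, while the monotonic scorer gives both the same verdict.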

Experts tested this attack using the WannaCry ransomware, known for the computer chaos it generated a couple of years ago, in addition to the latest version of SamSam, another dangerous variant of ransomware.

According to specialists from the International Institute of Cyber Security (IICS), this is a sign of how much work remains to be done in the development of artificial intelligence because,
although over the years this kind of attack vectors, this option will still not
be a definitive solution.  
