FIGHTING VIRUS AND MALWARE WITH ARTIFICIAL INTELLIGENCE

Artificial intelligence is a branch of computer science that makes computers or computer software act like humans. Artificial intelligence has taken on a significant role in the development of antivirus software for more secure environments. At present most viruses use advanced artificial intelligence techniques to intrude into the victim’s system, which has pushed security products to use active learning techniques and artificial intelligence for virus detection. AI is the process of teaching computers how to “intelligently” identify patterns. In particular, Machine Learning (ML) and Artificial Intelligence (AI) techniques help companies provide the best security products in the market.

Malware or Viruses
Malware is software designed to invade or damage a computer system without the owner’s informed consent. Malicious software includes viruses, worms, wabbits, Trojan horses, exploits, backdoors, spyware, scumware, stealware, parasiteware, adware, rootkits, keyloggers, dialers and hoaxes. It is important to be aware that although all of them have a similar purpose, each one behaves differently. Because different malware behaves differently, each malware group uses a different approach to remain undetected. Antivirus software requires continual improvement to counter such viruses and protect the computer.

Malware is getting more intelligent day by day; it uses heuristics to change its code dynamically to evade antivirus detection. We cannot predict how intelligent it can become with these active learning techniques.

Diogo O Beltran has predicted that –
“By the year 2040, AI will appear on computer viruses that will communicate with each other using a universal Internet language and will be programmed to fuse together and mutate into Computer Organs that will later be controlled by powerful search engines (Systems) diffused throughout the Internet.”

No one has challenged this prediction so far.

To grasp how viruses are detected and recognised, we have to understand how they infect a system. We can classify them into two broad categories.

A non-resident virus is a computer virus that is not stored on the hard drive of the computer that is impacted. Rather, it infects an executable file; upon execution of that file it infects the system, and it may hop to another system if the executable file is transferred there.

A resident virus can be a fast infector, which is designed to infect as many files as possible, or a slow infector, which uses stealth and encryption techniques to stay undetected for longer. This may be one of the worst kinds of virus, as it can affect the system thoroughly, even attaching itself to antivirus applications, which allows it to infect any file scanned by the program.

A.I. Techniques applied in antivirus detection

In a virtual environment, the antivirus software lets sequences/features run and classifies them by their behavior. Compared with the traditional methods, this newer form of detection is more effective at inspecting system information, including system files, and at diagnosing which kind of computer virus has infected the system. Basically, two techniques are applied to detect a virus using artificial intelligence:

Heuristic technique
The heuristic technique is an artificial intelligence technique: a method of solving a problem, commonly an informal one. It is used in particular to arrive rapidly at a solution that is reasonably close to the best possible answer, or optimal solution.

Metaheuristic Technique
Metaheuristics are mainly applied to problems for which there is no adequate problem-specific algorithm or heuristic. A concrete method for virus detection can be implemented using neural networks. The main metaheuristic techniques used for virus detection are pattern matching, automatic learning, environment emulation, neural networks, Bayes networks, hidden Markov models, data mining and others.

A whitepaper published by a major antivirus provider, Panda Security, is a perfect example of how its antivirus has evolved over time to counter the different kinds of malware, which are becoming more intelligent day by day.

Year 1990: First generation
Purely based on signature detection and script heuristics.

Year 2000: Second generation
Personal firewalls to identify and stop network worms based on packet signatures. Panda Security integrated the SmartClean functionality into the anti-malware engine, designed to disinfect and restore the Operating System from a spyware or Trojan backdoor infection.

Year 2004: Third generation
TruPrevent technology with behavioral analysis and behavioral blocking. Adaptable to new malware exploits and techniques.

Year 2010: Fourth generation
Real-time sensor network, automated malware collection, automated malware processing and classification, automated malware remediation.

This is already a very hot research field, and security companies are spending a fortune on research and development to build products with built-in artificial intelligence to counter such malware. Symantec, one of the biggest security product providers in the world, has developed STAR (Symantec’s Security Technology and Response), which has an engine called SONAR, a core part that scans for and detects malware. The SONAR system uses artificial intelligence techniques to learn the difference between good and bad applications. It looks for sequences of suspicious behaviors in running programs that are uncharacteristic of legitimate software; when SONAR observes such a suspicious sequence, it can terminate and remove the offending program immediately, without any virus fingerprints.
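
The idea of flagging behavior sequences that are uncharacteristic of legitimate software can be sketched with a first-order Markov chain, a simpler relative of the hidden Markov models listed earlier. This is an added example, not code from Symantec, Panda Security or the article's author; the event names, traces, smoothing value and threshold margin are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed behaviour traces of known-good programs (event names are illustrative).
BENIGN_TRACES = [
    ["start", "read_config", "open_window", "read_file", "write_file", "exit"],
    ["start", "read_config", "open_window", "read_file", "read_file", "exit"],
    ["start", "read_config", "net_connect", "read_file", "write_file", "exit"],
    ["start", "open_window", "read_file", "write_file", "write_file", "exit"],
]
# Event vocabulary: everything seen in training plus events never seen there.
EVENTS = sorted({e for t in BENIGN_TRACES for e in t}
                | {"write_exe", "set_autorun", "inject_process"})

def train(traces, events, alpha=0.5):
    """Estimate smoothed transition probabilities P(next event | current event)."""
    counts = defaultdict(lambda: defaultdict(float))
    for trace in traces:
        for cur, nxt in zip(trace, trace[1:]):
            counts[cur][nxt] += 1
    model = {}
    for cur in events:
        # Additive smoothing keeps unseen transitions unlikely but not impossible.
        total = sum(counts[cur].values()) + alpha * len(events)
        model[cur] = {n: (counts[cur][n] + alpha) / total for n in events}
    return model

def surprise(model, trace, floor=1e-6):
    """Average negative log-probability per transition; higher means less typical."""
    steps = list(zip(trace, trace[1:]))
    if not steps:
        return 0.0
    # Events outside the vocabulary get a tiny floor probability, not a KeyError.
    logs = [math.log(model.get(c, {}).get(n, floor)) for c, n in steps]
    return -sum(logs) / len(steps)

def classify(model, trace, threshold):
    return "suspicious" if surprise(model, trace) > threshold else "normal"

MODEL = train(BENIGN_TRACES, EVENTS)
# Threshold: worst score among the known-good traces plus a margin (an assumption).
THRESHOLD = max(surprise(MODEL, t) for t in BENIGN_TRACES) + 0.5

NEW_BENIGN = ["start", "read_config", "open_window", "read_file", "write_file", "exit"]
NEW_ODD = ["start", "write_exe", "set_autorun", "inject_process", "net_connect", "exit"]

if __name__ == "__main__":
    for name, t in [("benign-like", NEW_BENIGN), ("odd", NEW_ODD)]:
        print(name, round(surprise(MODEL, t), 2), classify(MODEL, t, THRESHOLD))
```

No fingerprint of the second trace is stored anywhere; it is flagged only because its transitions are rare in the behavior learned from legitimate programs.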

Advances in the techniques used by antivirus software have shortened the average lifespan of malware from months and weeks to days and hours.

The fight between antivirus and malware still continues...

–Sugandha Sharma
