Despite the spiel, we're still some decades from true anti-malware AI The cybersecurity industry is investing heavily in "machine learning" technologies in the hope of providing a more dynamic defence against malware. The practical upshot of this is that the delegates to the RSA Conference next week are likely to hear a lot about artificial intelligence in next-generation antivirus (NGAV) even …
The next logicial stage is that those greedy bastard Malware creators will use AI to their own advantage..
Cynical, who, me, definately..... The "dark force" has the same availibility to AI tools as everyone else , why would they not use them ! There is so much money to be made that it is impossible for them to resist... and some back-handers to the legal companies will ensure the continuing availibility .
Never underestimate the lengths to which people will go to when they have something to gain !!
And never forget that those doing the nasty might actually be on the "good" side of the law....... NSA, Mossad, FSK, MI6 etc etc I can easilly imagine entering an American Airport and your computer being analysed by some AI system that determines on it's own whether or not you have "terrorist" tendancies.... and that that same machine leaves some nasty malware ( virus) behind after it has calculated that your AntiVirus solution is not updated regularly and that you credit card details show no subscriptions to similar services.
AI is only in it's birth, it has the entire lifespan of humankind waiting to nurture it... and it will eventually be capable of making a decision, equal to that of any meatbag..
We are the creaters of AI, but unfortunately it is likely to pass us by. When I considers that the best chance of human survival it to destroy 98% of the population because statistically that it was we programmed it to do, then, and maybe then, we might begin to understand just how relevant we truly are...
"when they have something to gain"
I'll up-vote your spirit, but you mention "something to gain" much like a monetary value prize of some sort, when in reality you can also include "breaking a system for the sport of it" as another motive. And one that has zero monetary value. Like simple vandalism, etc.
My favorite analogy is; an online service is much like a store-front window. script-kiddies and low level hackers can just throw bricks at it, and I as the shopkeeper can either buy expensive, bullet-proof windows or fencing. Or I could hire a security guard to stand out front and chase off the riffraff, or just move to another neighborhood. Still, one must admire the Wiley E. Coyote level hacker that can come in through the roof, or just disassemble the window, or make it disappear altogether. In that case, the inside of the shop should also be better protected, as in not having your customer lists, money, and products ready for the taking should a nogoodnik make entry.
But the reason you don't see Rube Goldberg-type entries is that the REALLY sophisticated people steal data the EXACT SAME WAY it get access PROPERLY. Because the biggest, most sophisticated threats were, are, and always will be insiders, and you can never completely defend against insiders.
Charles 9 : I agree with you, now imagine that those Rube Goldberg types have access to AI which is capable of determining the best Social Engineering technique to use, or that is capable of finding material suitable for blackmailing the Email/Domain Admin , you get the point...
Malware isn't necassarily written/used only by the "bad guys"
AI is database. How can you spoil or steal that database?
1. You can steal it. However, it makes no piratical sense - AI database cannot be read, only used/ you can find only senseless sets of weighted phrases, neural networks. How to make money on this?
And if AI is illegally used - it can be identified instantly, because all AIs are absolutely unique.
2. You may try to alter AI. But it's relational by meanings database and even tiny change destroys all relations - ot's like you perform an operation on a human brain - which can be detected immediately.
Cylance make a big deal about how standardised testing in the AV industry is flawed/biased/bought and paid for etc and encourage users to test it themselves.
So I did. A quick google search found a dump of some recent OSX malware, some of which it failed to detect despite there being AV sigs on VirusTotal back in November. No idea how effective it is on Windows as I'd rather get malware'd than use it.
I do however think the author of the article should conduct their own testing rather than simply voicing opinions with little substance to back them up.
Good article.
Cylance etc whilst being actually quite good do rather over egg their technology and to use the term "AI" is a little naughty really.
They (and others) are using behavior markers to detect stuff that has all the hallmarks of something undesirable.
I know McCrappy and all of the other talked about heuristics a long time before, but for whatever reason that never worked in any way I ever saw.
Cylance (and some others I have personally tested) does work in this way, it is quite good vs signature based AV. I have seen it detect absolutely unique malware samples. That is quite impressive really.
On the other hand, it's also had quite a significant false positive rate against all sorts of stuff including a lot of our software deployment packages and Office365 automatic updates. In fact, so many that whilst its nailing the bad stuff, it would hose our business unless we spent a lot of time and effort staging software deployments through whitelisting.
Security is always a double edged sword, particularly when you let an algorithm run rampage. August 4th its protecting you but by 2:14 a.m. Eastern time, August 29th its trying to wipe out the human race.
1. AI is automatic and therefore cheap or cheaper, works 24/7/365. Humans don't or it's extremely expensive.
2. AI is relational by meanings database, conglomerate of sets of weighted phrases, it's not a program or algorithm. Any change at that database can be and is detected immediately. Indeed, one cannot penetrate AI because she/he damages the relations.
3. All programming languages and codes are soon over - AI speaks, understands and thinks using language, texts.
What to protect? Nothing. The article is absolutely senseless.
"3. All programming languages and codes are soon over - AI speaks, understands and thinks using language, texts."
I believe you forgot the Joke Alert icon. I'll believe you when your supposed AI can survive the "This Sentence Is False" paradox. Or perhaps the "My Dog Has No Nose" routine Danger Mouse once used to defeat a "AI" computer.
This post has been deleted by its author
Dr. Fred Cohen talked about this way back at the start of the history of computer viruses. Simply put, if the virus writer has access to the scanner, they can detect it and abort doing something that will identify its presence. You still see that in modern malware, such as when it detects that it is running under a VM (common practice when trying to analyse the buggers), it will do something different than it normally would.
Putting a Post-It labelled "AI" on the black box that does the scanning does not change the fundamental nature of the setup. So long as the virus/malware (or its author) has access to the box, it can use it as an oracle and keep trying different behaviours until it finds something that isn't detected.
"Putting a Post-It labelled "AI" on the black box that does ..." [insert task]
That is actually a very good and correct synopsis of at least 75% of any given text1) mentioning "AI" that I have read over the last two years or so.
1) 98,7% when the text was marketing blurb.
The fundamental issue with any "recognize if something is malware" technology is that once widely deployed, malware can be tailored to bypass it. Somewhat similar to the halting problem...
The malware authors don't care whether it is a signature, heuristics, AI, or underpants gnomes that flags their creation as malware - they simply fiddle with it until it's clean again.
Either by wrapping it in more layers of crypto/obfuscation/stages, or doing a binary search to find the exact spot that tips it between "clean" and "malware".
I can see the overlap here. I see it more like a siege. Defenders necessarily have to fix many of their defenses, and attackers can learn these and work against them, leaving only the mobile defenses which are also necessarily limited, particularly by resource costs. In this scenario, the attackers have access to everything the defenders have and can use them against the defenders. This can include AI at some point. Meaning as long as they can out-resource the defender, it's basically only a matter of time.
Not even behavior-based detecting will work for long as the attackers learn to pace themselves and re-learn the arts of "smurfing" things under the radar and mimicking legitimate actions.
Stop this? Please?
Did you see Alexa? Siri? Cortana?
No more programming languages, no more algorithms - no more anti- and malware! Common, everyday human language has all mechanisms at itself.
Programmers are people who structure language, do you understand it? AI does the same automatically. Programmers manually reduce mechanisms of language to some standard steps - do you understand that?
Did you see Alexa? Siri? Cortana?
"Unexpected item in bagging area"
Look up carrots.
The fact is that Supermarkets KNOW so called "AI" checkouts increase theft, however their IT suppliers have hoodwinked them into believing it's cheaper than a human checkout. Even if it broke even, the human operated checkout is less likely to put off customers.
Oh, I get it now: you're being sarcastic. Right? Since we can parse natural language better and apply it to a web search or an app, then it must be good enough for protecting us from ingenious minds who want to play havoc on our computers.
Sad fact: we have nothing that passes Alan Turing's original test: how to tell a woman from a man pretending to be a woman. So, will the computer pretend to be the woman, or will it pretend to be the man pretending to be the woman?
What is being presented as AI is the anti-malware version of Clippy: "Say, it looks like you're encrypting your disk. Do want some help with that?" (The user will, of course, click "yes" and the disk will not only be encrypted by the ransom-ware, but also by a helpful AI who will keep the password from you, as you'd just breach security anyways with it.)
"Sad fact: we have nothing that passes Alan Turing's original test: how to tell a woman from a man pretending to be a woman."
I would think a nice stiff rod swing up at the groin between the legs from behind would make for a quick and effective test. From behind means it's unanticipated so no preparation techniques can be used.
"And that's effective with AI software, how?"
Since when did the problem have to do with AI software. The question was, "How do you tell a real woman from a drag queen?" I gave a "42" solution: groin shot from behind.
Now, as I understand it, the Turing Test was to fool a human engaging the program in a chat room setting into thinking he's chatting with a person when it's really the program. And that's still a work in progress.
"Did you see Alexa? Siri? Cortana?"
I've heard Siri; she's got a good groove goin' on: Skeewiff Feat Siri - Know How.
AI is not a database. The goal of big boy AI is to create functioning neural networks and have THOSE do the thinking. And AI is NOT a new thing, for the two or three idiots making the most noise in here. It's been around at least since the 1960s. And I have a really old history of computers from ~1992 that goes into depth about crafting the language-based AI that some of you pinheads think is a database. It certainly resembles one, but it is much more than that, thanks to neural network crafting. See:
https://en.wikipedia.org/wiki/ELIZA
"As such, ELIZA was one of the first chatterbots, but was also regarded as one of the first programs capable of passing the Turing Test."
I was talking to Eliza back in the 1980s, and she's much older than that. A neural network is this:
https://en.wikipedia.org/wiki/Artificial_neural_network
Holy crap, some of you "chatterbots" are fucking stupid. Sorry, but I.Geller and your ilk are morons. Please, please STFU. And start reading more than you are writing. Thank you. I am not a robot.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
