Tech vs tech: How AI is taking on ransomware
Experts Use Machine Learning Tools To Identify Malicious Software & Nip Attacks In The Bud
Twice in the space of six
weeks, the world has suffered major attacks of ransomware - malicious software
that locks up photos and other files stored on your computer, then demands
money to release them.
It's clear that the world
needs better defences, and fortunately those are starting to emerge, if slowly.
When they arrive, we may have artificial intelligence to thank.
Despite the risks of
ransomware attacks, many people just aren't good at keeping up with security
software updates. Both recent attacks walloped those who failed to install a
Windows update. Watchdog security software has its problems, too. With this
week's attack, only two of about 60 security services tested caught it at
first, according to researchers. “A lot of normal applications, especially on
Windows, behave like malware, and it's hard to tell them apart,” said Ryan Kalember,
an expert at the US security vendor Proofpoint.
In the early days,
identifying malicious programs involved matching their code against a database
of known malware. But this technique was only as good as the database; new
variants could easily slip through.
So security companies
started characterising malware by its behaviour. In the case of ransomware, the
software could look for repeated attempts to lock files by encrypting them. But
that can flag ordinary computer behaviour such as file compression. Newer
techniques involve looking for combinations of behaviours. For instance, a
program that starts encrypting files without showing a progress bar could be
flagged for surreptitious activity, said Fabian Wosar, chief technology
officer at the New Zealand security company Emsisoft. But that also risks
identifying harmful software after some files have been locked up.
An even better approach
identifies malware using observable characteristics usually associated with
malicious intent - for instance, by quarantining a program disguised with a PDF
icon.
This sort of malware profiling
wouldn't rely on exact code matches, so it couldn't be easily evaded.
And such checks could be made well before dangerous programs start running.
Still, two or three
characteristics might not properly distinguish malware from legitimate
software. But how about dozens? Or even thousands? For that, researchers turn
to machine learning, a form of artificial intelligence. The security system
analyses samples of good and bad software and figures out what combination of
factors is likely to be present in malware. As it encounters new software, the
system calculates the probability that it's malware, and rejects those that
score above a certain threshold. When something gets through, it's a matter of
tweaking the calculations or adjusting the threshold.
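As an added illustration (not part of the original article and not any vendor's product), the sketch below trains a naive Bayes classifier, one simple machine-learning method assumed here, on a constructed set of good and bad samples; the trait names and data are hypothetical. It scores new programs and shows one sample that is allowed at a threshold of 0.8 but blocked once the threshold is lowered to 0.7.

```python
import math

# Constructed training set: (observed traits, is_malware). Trait names are hypothetical.
TRAINING = [
    ({"pdf_icon_on_exe", "unsigned", "packed"}, True),
    ({"unsigned", "packed", "silent_encrypt"}, True),   # encrypts with no progress bar
    ({"pdf_icon_on_exe", "silent_encrypt"}, True),
    ({"unsigned", "bulk_encrypt"}, True),
    ({"bulk_encrypt"}, False),                          # e.g. a file compression tool
    ({"unsigned"}, False),
    ({"packed"}, False),
    (set(), False),
]
TRAITS = sorted(set().union(*(traits for traits, _ in TRAINING)))

def train(samples):
    """Estimate class priors and P(trait | class), with Laplace smoothing."""
    model = {}
    for label in (True, False):
        rows = [traits for traits, y in samples if y == label]
        model[label] = {
            "prior": len(rows) / len(samples),
            "p": {f: (sum(f in r for r in rows) + 1) / (len(rows) + 2) for f in TRAITS},
        }
    return model

def malware_probability(model, traits):
    """Naive Bayes posterior P(malware | traits), computed in log space."""
    logp = {}
    for label, m in model.items():
        score = math.log(m["prior"])
        for f in TRAITS:
            p = m["p"][f]
            score += math.log(p if f in traits else 1 - p)
        logp[label] = score
    top = max(logp.values())
    weight = {k: math.exp(v - top) for k, v in logp.items()}
    return weight[True] / (weight[True] + weight[False])

def verdict(model, traits, threshold=0.8):
    """Reject software whose malware probability reaches the threshold."""
    return "block" if malware_probability(model, traits) >= threshold else "allow"

MODEL = train(TRAINING)

if __name__ == "__main__":
    for sample in ({"bulk_encrypt"}, {"pdf_icon_on_exe", "unsigned"},
                   {"pdf_icon_on_exe", "silent_encrypt", "unsigned"}):
        print(sorted(sample), round(malware_probability(MODEL, sample), 3),
              verdict(MODEL, sample, 0.8), verdict(MODEL, sample, 0.7))
```

Lowering the threshold catches the borderline sample but also moves every legitimate program closer to being rejected, which is the trade-off behind the false positives described earlier in the article.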
On the flip side, malware
writers can obtain these tools and tweak their code to see if they can evade
detection. Some websites already offer to test software against leading security
systems. Still, security firms employing machine learning have claimed success
in blocking most malware, not just ransomware. SentinelOne even offers a
$1 million guarantee against ransomware; it hasn't had to pay it yet.
AP