AI based antivirus programs – the future of cyber defence

14 Jul AI based antivirus programs – the future of cyber defence

Posted at 09:36h in NOTIONES by
The firm “Cylance” is a pioneer as the first company to apply artificial intelligence in an antivirus program. They use mathematical approach for new malware, viruses, bots’ identification, utilizing patent-pending, machine learning techniques instead of reactive signatures and sandboxes. The machine learning research platform based on science and artificial intelligence analyses and classifies hundreds of thousands of characteristics per file, breaking them down to an atomic level providing real-time threat detection, root cause analysis, and integrated incident response.

A recent NSS Labs test revealed that CylancePROTECTTM blocks 99.7% of all malwares, including new zero-day threats. Cylance’s AI prevention-first approach to security helps businesses scale their security capabilities, reducing the time required to find, investigate, and mitigate threats in their environments.

For example, Dell is using technology from Cylance to protect the BIOS firmware in its business PCs. The technology is designed to check if systems are secure when users boot them up; after the PC boots, the software checks a hash of the BIOS against a known good version stored in a secure cloud. Suppliers will need to frequently enhance these defences to ensure they remain effective.[1]

Cylance had proven as an effective tool against WannaCry / WanaCrypt0r 2.0 Ransomware, the company stated that every computer running our product – with a math model from 2015 or later – was already protected against this nasty worm WannaCry and additionally stops the actual propagation of the worm, breaking the chain.

Another AI virus pioneer is Symantec Endpoint Protection 14 that effectively stops advanced threats with next generation technologies that apply advanced machine-learning, file reputation analysis, and real-time behavioural monitoring.

Figure 1: Symantec real-time cloud look up for scanning suspicious files.

Figure 1 represents the Intelligent Threat Cloud’s as a part of Symantec Endpoint Protection 14 that has incorporated a real-time cloud lookup technique that provides rapid access to the world’s largest civilian threat intelligence network. This enhances machine learning with a deep understanding of the latest threat techniques to provide maximum protection across all endpoints; using cloud algorithms updated in real-time.

Symantec Endpoint Protection was granted with AV-TEST Award for Best Protection 2016 for the excellent performance. AV-TEST, globally recognized for its rigorous independent testing practices, evaluates the efficacy of endpoint security solutions against advanced attacks throughout the year. Security solutions are subjected to more than 1,000 live zero-day attacks delivered via infected websites and email to measure a product’s complete protection ability. In addition, AV-TEST measures the security solution’s detection of more than 100,000 current and widespread threats.

Microsoft is working with artificial intelligence to create the next generation of antivirus software. Microsoft will use a wide range of data coming from its cloud programs such as Azure, Endpoint and Office (from more than 400 million computers) to create an artificial intelligence antivirus that can pick up on malware behavior. [2]

Figure 2: New dashboard for Windows Defender Advanced Threat Protection

Author(s): Military Academy “General Mihailo Apostolski” – Skopje, Republic of North Macedonia

References:

[1] M.W.Harkins, Looking to the Future: Emerging Security Capabilities, Managing Risk and Information Security, pp. 117-128. Apress, 2016.

[2]   CNET, Microsoft is building a smart antivirus using 400 million PCs, Last accessed July 10, 2023, https://www.cnet.com/news/microsoft-build-smart-antivirus-using-400-million-computers-artificial-intelligence/