Despite the spiel, we're still some decades from true anti-malware AI

The cybersecurity industry is investing heavily in "machine learning" technologies in the hope of providing a more dynamic defence against malware. The practical upshot of this is that the delegates to the RSA Conference next week are likely to hear a lot about artificial intelligence in next-generation antivirus (NGAV) even …

  1. Khaptain Silver badge
    Black Helicopters

    AI vs Greed

    The next logical stage is that those greedy bastard Malware creators will use AI to their own advantage..

    Cynical, who, me, definitely..... The "dark force" has the same availability to AI tools as everyone else, why would they not use them! There is so much money to be made that it is impossible for them to resist... and some back-handers to the legal companies will ensure the continuing availability.

    1. Mage

      Re: AI vs Greed

      Maybe in MARKETING Malware, I don't envisage any malware genuinely using Artificial Intelligence. Using Artificial Insemination to spread Trojan Horses is more likely.

      1. Khaptain Silver badge

        Re: AI vs Greed

        Never underestimate the lengths to which people will go when they have something to gain!!

        And never forget that those doing the nasty might actually be on the "good" side of the law....... NSA, Mossad, FSK, MI6 etc etc. I can easily imagine entering an American Airport and your computer being analysed by some AI system that determines on its own whether or not you have "terrorist" tendencies.... and that that same machine leaves some nasty malware (virus) behind after it has calculated that your AntiVirus solution is not updated regularly and that your credit card details show no subscriptions to similar services.

        1. I.Geller Bronze badge

          Re: AI vs Greed

          NSA, Mossad, FSK, MI6 etc. have nothing to analyze at AI - it's a relational by meaning database of sets of weighted phrases, millions of them. Absolutely impossible to understand what and why is related to what, AI can only be used.

          1. Khaptain Silver badge

            Re: AI vs Greed

            AI is only in its birth, it has the entire lifespan of humankind waiting to nurture it... and it will eventually be capable of making a decision, equal to that of any meatbag..

            We are the creators of AI, but unfortunately it is likely to pass us by. When it considers that the best chance of human survival is to destroy 98% of the population because statistically that is what we programmed it to do, then, and maybe then, we might begin to understand just how relevant we truly are...

        2. Anonymous Coward

          Re: AI vs Greed

          "when they have something to gain"

          I'll up-vote your spirit, but you mention "something to gain" much like a monetary value prize of some sort, when in reality you can also include "breaking a system for the sport of it" as another motive. And one that has zero monetary value. Like simple vandalism, etc.

          My favorite analogy is: an online service is much like a store-front window. Script-kiddies and low level hackers can just throw bricks at it, and I as the shopkeeper can either buy expensive, bullet-proof windows or fencing. Or I could hire a security guard to stand out front and chase off the riffraff, or just move to another neighborhood. Still, one must admire the Wile E. Coyote level hacker that can come in through the roof, or just disassemble the window, or make it disappear altogether. In that case, the inside of the shop should also be better protected, as in not having your customer lists, money, and products ready for the taking should a nogoodnik make entry.

          1. Charles 9

            Re: AI vs Greed

            But the reason you don't see Rube Goldberg-type entries is that the REALLY sophisticated people steal data the EXACT SAME WAY it get access PROPERLY. Because the biggest, most sophisticated threats were, are, and always will be insiders, and you can never completely defend against insiders.

            1. Khaptain Silver badge

              Re: AI vs Greed

              Charles 9: I agree with you, now imagine that those Rube Goldberg types have access to AI which is capable of determining the best Social Engineering technique to use, or that is capable of finding material suitable for blackmailing the Email/Domain Admin, you get the point...

              Malware isn't necessarily written/used only by the "bad guys"

    2. I.Geller Bronze badge

      Re: AI vs Greed

      AI is database. How can you spoil or steal that database?

      1. You can steal it. However, it makes no practical sense - AI database cannot be read, only used; you can find only senseless sets of weighted phrases, neural networks. How to make money on this?

      And if AI is illegally used - it can be identified instantly, because all AIs are absolutely unique.

      2. You may try to alter AI. But it's relational by meanings database and even tiny change destroys all relations - it's like you perform an operation on a human brain - which can be detected immediately.

  2. The Original Steve


    Noticed Sophos have some anti-malware / anti-cryptolocker product, think it was called InterceptX. Asked one of their bods at IP Expo last year the question "shouldn't your AV product we already pay for do this?".

    I didn't get a proper answer...

  3. maaaaaaaaasomeone

    Cylance is ineffective

    Cylance make a big deal about how standardised testing in the AV industry is flawed/biased/bought and paid for etc and encourage users to test it themselves.

    So I did. A quick google search found a dump of some recent OSX malware, some of which it failed to detect despite there being AV sigs on VirusTotal back in November. No idea how effective it is on Windows as I'd rather get malware'd than use it.

    I do however think the author of the article should conduct their own testing rather than simply voicing opinions with little substance to back them up.

    1. Anonymous Coward

      Re: Cylance is ineffective

      You are criticising the writer for not conducting a review of the software. But that is not the remit of this article, in which we critically question the claims of Artificial Intelligence capability made by various anti-malware firms.

    2. Anonymous Coward

      Re: Cylance is ineffective

      Their marketing is EXCELLENT though!

      They got a slapped wrist for taking from VirusTotal but not contributing.

      Watch this space, for more from that company..

  4. Anonymous Coward

    Bit of a misnomer

    Good article.

    Cylance etc whilst being actually quite good do rather over egg their technology and to use the term "AI" is a little naughty really.

    They (and others) are using behavior markers to detect stuff that has all the hallmarks of something undesirable.

    I know McCrappy and all of the others talked about heuristics a long time before, but for whatever reason that never worked in any way I ever saw.

    Cylance (and some others I have personally tested) does work in this way, it is quite good vs signature based AV. I have seen it detect absolutely unique malware samples. That is quite impressive really.

    On the other hand, it's also had quite a significant false positive rate against all sorts of stuff including a lot of our software deployment packages and Office365 automatic updates. In fact, so many that whilst it's nailing the bad stuff, it would hose our business unless we spent a lot of time and effort staging software deployments through whitelisting.

    Security is always a double-edged sword, particularly when you let an algorithm run rampage. August 4th it's protecting you but by 2:14 a.m. Eastern time, August 29th it's trying to wipe out the human race.

  5. Mage

    Naughty AI

    Alarm bells go off when I read ANY advert / marketing / press release with AI in it, unless it's about horses, cattle etc.

  6. David 18


    Are these anything like Ted? Now, where's my copy of Cat Scratch Fever? Not heard that for years...

  7. I.Geller Bronze badge

    What to protect? Nothing. The article is absolutely senseless.

    1. AI is automatic and therefore cheap or cheaper, works 24/7/365. Humans don't or it's extremely expensive.

    2. AI is relational by meanings database, conglomerate of sets of weighted phrases, it's not a program or algorithm. Any change at that database can be and is detected immediately. Indeed, one cannot penetrate AI because she/he damages the relations.

    3. All programming languages and codes are soon over - AI speaks, understands and thinks using language, texts.

    What to protect? Nothing. The article is absolutely senseless.

    1. Charles 9

      Re: What to protect? Nothing. The article is absolutely senseless.

      "3. All programming languages and codes are soon over - AI speaks, understands and thinks using language, texts."

      I believe you forgot the Joke Alert icon. I'll believe you when your supposed AI can survive the "This Sentence Is False" paradox. Or perhaps the "My Dog Has No Nose" routine Danger Mouse once used to defeat an "AI" computer.

  8. This post has been deleted by its author

  9. Frumious Bandersnatch

    the undecidability problem

    Dr. Fred Cohen talked about this way back at the start of the history of computer viruses. Simply put, if the virus writer has access to the scanner, they can detect it and abort doing something that will identify its presence. You still see that in modern malware, such as when it detects that it is running under a VM (common practice when trying to analyse the buggers), it will do something different than it normally would.

    Putting a Post-It labelled "AI" on the black box that does the scanning does not change the fundamental nature of the setup. So long as the virus/malware (or its author) has access to the box, it can use it as an oracle and keep trying different behaviours until it finds something that isn't detected.

    1. allthecoolshortnamesweretaken

      Re: the undecidability problem

      "Putting a Post-It labelled "AI" on the black box that does ..." [insert task]

      That is actually a very good and correct synopsis of at least 75% of any given text1) mentioning "AI" that I have read over the last two years or so.

      1) 98,7% when the text was marketing blurb.

  10. patrickstar

    The fundamental issue with any "recognize if something is malware" technology is that once widely deployed, malware can be tailored to bypass it. Somewhat similar to the halting problem...

    The malware authors don't care whether it is a signature, heuristics, AI, or underpants gnomes that flags their creation as malware - they simply fiddle with it until it's clean again.

    Either by wrapping it in more layers of crypto/obfuscation/stages, or doing a binary search to find the exact spot that tips it between "clean" and "malware".

    1. Charles 9

      I can see the overlap here. I see it more like a siege. Defenders necessarily have to fix many of their defenses, and attackers can learn these and work against them, leaving only the mobile defenses which are also necessarily limited, particularly by resource costs. In this scenario, the attackers have access to everything the defenders have and can use them against the defenders. This can include AI at some point. Meaning as long as they can out-resource the defender, it's basically only a matter of time.

      Not even behavior-based detecting will work for long as the attackers learn to pace themselves and re-learn the arts of "smurfing" things under the radar and mimicking legitimate actions.

      1. Charles 9

        The TL;DR version: Due to the motivations involved, odds are that malware will have AI first instead of anti-malware.

  11. I.Geller Bronze badge

    Stop this? Please?

    Did you see Alexa? Siri? Cortana?

    No more programming languages, no more algorithms - no more anti- and malware! Common, everyday human language has all mechanisms at itself.

    Programmers are people who structure language, do you understand it? AI does the same automatically. Programmers manually reduce mechanisms of language to some standard steps - do you understand that?

    Did you see Alexa? Siri? Cortana?

    1. Mage

      Alexa? Siri? Cortana?

      "Unexpected item in bagging area"

      Look up carrots.

      The fact is that Supermarkets KNOW so called "AI" checkouts increase theft, however their IT suppliers have hoodwinked them into believing it's cheaper than a human checkout. Even if it broke even, the human operated checkout is less likely to put off customers.

      1. I.Geller Bronze badge

        Re: Alexa? Siri? Cortana?

        Seen none

    2. Brian Miller

      Um, sarcastic joking?

      Oh, I get it now: you're being sarcastic. Right? Since we can parse natural language better and apply it to a web search or an app, then it must be good enough for protecting us from ingenious minds who want to play havoc on our computers.

      Sad fact: we have nothing that passes Alan Turing's original test: how to tell a woman from a man pretending to be a woman. So, will the computer pretend to be the woman, or will it pretend to be the man pretending to be the woman?

      What is being presented as AI is the anti-malware version of Clippy: "Say, it looks like you're encrypting your disk. Do you want some help with that?" (The user will, of course, click "yes" and the disk will not only be encrypted by the ransom-ware, but also by a helpful AI who will keep the password from you, as you'd just breach security anyways with it.)

      1. Charles 9

        Re: Um, sarcastic joking?

        "Sad fact: we have nothing that passes Alan Turing's original test: how to tell a woman from a man pretending to be a woman."

        I would think a nice stiff rod swing up at the groin between the legs from behind would make for a quick and effective test. From behind means it's unanticipated so no preparation techniques can be used.

        1. Brian Miller

          Re: Um, sarcastic joking?

          "I would think a nice stiff rod swing ..."

          And that's effective with AI software, how?

          1. Charles 9

            Re: Um, sarcastic joking?

            "And that's effective with AI software, how?"

            Since when did the problem have to do with AI software? The question was, "How do you tell a real woman from a drag queen?" I gave a "42" solution: groin shot from behind.

            Now, as I understand it, the Turing Test was to fool a human engaging the program in a chat room setting into thinking he's chatting with a person when it's really the program. And that's still a work in progress.

          2. David 18

            Re: Um, sarcastic joking?

            Anyone else suspect I.Geller is a bot?

    3. allthecoolshortnamesweretaken

      "Did you see Alexa? Siri? Cortana?"

      I've heard Siri; she's got a good groove goin' on: Skeewiff Feat Siri - Know How.

  12. Anonymous Coward

    Do you even know what a neural network is?

    AI is not a database. The goal of big boy AI is to create functioning neural networks and have THOSE do the thinking. And AI is NOT a new thing, for the two or three idiots making the most noise in here. It's been around at least since the 1960s. And I have a really old history of computers from ~1992 that goes into depth about crafting the language-based AI that some of you pinheads think is a database. It certainly resembles one, but it is much more than that, thanks to neural network crafting. See:

    "As such, ELIZA was one of the first chatterbots, but was also regarded as one of the first programs capable of passing the Turing Test."

    I was talking to Eliza back in the 1980s, and she's much older than that. A neural network is this:

    Holy crap, some of you "chatterbots" are fucking stupid. Sorry, but I.Geller and your ilk are morons. Please, please STFU. And start reading more than you are writing. Thank you. I am not a robot.

    1. allthecoolshortnamesweretaken

      Re: Do you even know what a neural network is?


      As to "I am not a robot", however ...

      1. Charles 9

        Re: Do you even know what a neural network is?

        It got lucky. I didn't have to actually pass one of the CAPTCHAs. Let's see one do THAT several times in succession (since the tests differ each time), then I'll be impressed.
