For security researchers who have been predicting that artificial intelligence (AI) and machine learning (ML) are the future of antivirus protection, the complete and total demolition of the Cylance antivirus program has to be a crushing blow. Cylance was billing its protection product as one of the best and most innovative in the marketplace, thanks to its use of AI and machine learning to prevent threats. And Cylance had steadily built a reputation as one of the top endpoint security firms, based to a large degree on its endpoint Protect offering.

A global bypass of AI antivirus protection

As the Australian security researchers pointed out, this was not a case of a single exception slipping by undetected. This was truly a “global bypass” in that 100 percent of the Top 10 malware programs on the planet evaded detection, as did 83 percent of the Top 384 malware programs. Simply by inserting a few snippets of the code to the very end of the malware code – perhaps the simplest, laziest and most naive approach possible – the Australian security researchers were able to transform scores as low as -999 into a near-perfect 996, or a similarly low score of -975 into a very impressive 984. In short, a few simple strings added to the existing code were enough to completely fool the Cylance antivirus.

How the Australian security researchers defeated the Cylance antivirus program

Even worse, it didn’t take a lot of human manpower to overpower the much-hyped AI Cylance antivirus software. Once the Australian information security researchers had successfully reverse engineered the Cylance antivirus software, it was really just a matter of inserting a few simple strings at the end of the malicious files and they could slide by unprotected.

As the security researchers discovered, the AI-based Cylance antivirus was trained to have a systematic bias for and against certain pieces of computer code. Once the bias was determined, it was really just a simple matter of creating a universal bypass solution. As it turns out, the Cylance AI antivirus program was augmented with a series of whitelists and blacklists, and had begun to have a persistent bias in favor of certain strings from a popular gaming application. As a result, any malware that contained these strings was essentially given a free pass by the Cylance antivirus program.

There is a simple analogy to describe how the security researchers were able to defeat the Cylance antivirus program so conclusively each and every time. As the researchers themselves pointed out, training an AI antivirus program to recognize the difference between “malware” and “trusted software” is similar to teaching an ML program how to recognize the difference between birds and humans. Show a computer enough examples of birds and humans, and the computer will finally realize that birds have beaks, but humans do not. Thus, any time a computer recognizes a beak, it will assume that the object is a bird, not a human.

According to Gregory Webb, CEO of Bromium, companies must do more to address the false notion that AI or any other technology is 100 percent effective: “The breaking news on Cylance really draws into question the whole concept of categorizing code as ‘good or bad’, as researchers were able to just rebadge malware as trusted – they didn’t even have to change the code. This exposes the limitations of leaving machines to make decisions on what can and cannot be trusted. Ultimately, AI is not a silver bullet, it’s just the latest craze in doing the impossible – i.e. While AI can undoubtedly provide valuable insights and forecasts, it is not going to be right every time and will always be fallible; ultimately predictions are just that, predictions, they are not fact. As this story shows, if we place too much trust in such systems’ ability to know what is good and bad we will expose ourselves to untold risk – which if left unattended could create huge security blind spots, as is the case here.”
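The score flip the article describes can be shown on a toy model. This is an added example, not code from the article, the researchers or Cylance: the strings, weights and samples are constructed, and the declared image size is assumed to be supplied by the caller. It compares a naive additive scorer with a hardened one in which trusted strings cannot cancel suspicious ones and trailing data counts as a signal.

```python
# Toy model only: strings, weights and samples are constructed for illustration.
WEIGHTS = {
    b"CreateRemoteThread": -400,   # constructed "suspicious" indicators
    b"VirtualAllocEx": -350,
    b"keylog": -200,
    b"GameEngine::Render": 600,    # constructed over-trusted "benign" strings
    b"LoadTexture": 500,
    b"PhysicsWorld": 450,
}

def clamp(score: int) -> int:
    """Keep scores in the -1000..1000 range used in the article."""
    return max(-1000, min(1000, score))

def naive_score(data: bytes) -> int:
    """Biased design: sum every matching weight found anywhere in the file."""
    return clamp(sum(w for s, w in WEIGHTS.items() if s in data))

def hardened_score(data: bytes, image_size: int) -> int:
    """Score only bytes inside the declared image (image_size is an assumed
    input; a real scanner would derive it from the file's own headers)."""
    body, overlay = data[:image_size], data[image_size:]
    bad = sum(w for s, w in WEIGHTS.items() if w < 0 and s in body)
    good = sum(w for s, w in WEIGHTS.items() if w > 0 and s in body)
    if bad < 0:
        good = 0       # trusted strings never cancel suspicious ones
    if any(s in overlay for s, w in WEIGHTS.items() if w > 0):
        bad -= 100     # trusted strings sitting in trailing data are a signal
    return clamp(bad + good)

# Constructed samples.
MALWARE = b"MZ\x90\x00CreateRemoteThread\x00VirtualAllocEx\x00keylog\x00"
GAME = b"MZ\x90\x00GameEngine::Render\x00LoadTexture\x00PhysicsWorld\x00"
PATCHED = MALWARE + GAME[4:]       # same body, trusted strings after the image

if __name__ == "__main__":
    for name, blob, size in [("malware", MALWARE, len(MALWARE)),
                             ("patched", PATCHED, len(MALWARE)),
                             ("game", GAME, len(GAME))]:
        print(f"{name:8} naive={naive_score(blob):5} "
              f"hardened={hardened_score(blob, size):5}")
```

The naive scorer moves the patched sample from strongly negative to positive, while the hardened scorer rates it no better than the unmodified sample and still scores the constructed game file as trusted.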