What Does Your Machine Actually Learn?

Discussion in 'other security issues & news' started by itman, Aug 24, 2017.

  1. itman

    itman Registered Member

    Joined: Jun 22, 2010 | Posts: 8,593 | Location: U.S.A.
    Hilarious! Definitely worth a read.
    http://www.securityweek.com/what-does-your-machine-actually-learn
     
  2. plat1098

    plat1098 Guest

    Horrible. A tremendous, game changing concept that was corrupted early and well by greed. Just another catchy phrase, like "transparency." Buyer beware.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,561 | Location: The Netherlands
    I personally would put more trust in behavior blockers; I don't believe ML/AI will ever be able to identify 100% of all malware.
     
  4. guest

    guest Guest

    Same here
     
  5. RockLobster

    RockLobster Registered Member

    Joined: Nov 8, 2007 | Posts: 1,812
    Well, I think a lot of people get the wrong idea about AI because of the focus on learning algorithms. It's easy to forget that the idea is to create what we know as intelligence, which is based on how our intelligence is created.
    We don't "learn" per se, much of what we consider to be our own intelligence. Most of it is programmed information, the actual experimental learning was done by someone else.
    Take away that programmed information and I doubt whether most people would get as far as to learn for themselves that banging two rocks together can make a spark.
    In other words, AI malware detection does not need to begin as a Neanderthal and figure it all out for itself; it can be programmed with all the relevant information to use behaviour blocking etc., but also on top of that be programmed to learn how to find new security weaknesses that are usually not identified until the malware strikes.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,561 | Location: The Netherlands
    Don't get me wrong, I think it's an interesting development that will make AVs more powerful. But I believe no AV will ever be able to identify 100% of all malware, and you can already read reports of how malware writers are able to fool AI/ML. So that's why I have always been a fan of behavior blocking, because malware will always need to achieve something on execution. If I see behavior that I don't like, I block it.

    Next gen behavior blockers will be able to make the decisions for the user, hopefully without generating a lot of false positives. Sandboxing combined with behavior blocking is even better: you first run malware in a virtual container and then monitor its behavior without putting the system at risk. I believe Invincea works in this way. If some app refuses to run, you already know that you're probably dealing with malware that's trying to outsmart the sandbox.
     
  7. RockLobster

    RockLobster Registered Member

    Joined: Nov 8, 2007 | Posts: 1,812
    I think we will get close to 100%.
    I know everyone is tired of me harping on about it, but our current hackers' playground is the result of 20 years of collusion between OS manufacturers, government agencies and those involved in the data mining industry to implement weakened security to serve their agendas.
    If I gave you a simple 1-line piece of code and said this is uber important, make sure it is not hacked or changed, you could protect it, right?
    Digitally sign it, checksum it, back it up to an encrypted file, monitor any process that attempted to write to it, etc. etc. ... Lots of ways to make it bulletproof.
    If you can do that to one line of code you can do it to two.
    If you can do it to two...
     
    Last edited: Aug 27, 2017
  8. itman

    itman Registered Member

    Joined: Jun 22, 2010 | Posts: 8,593 | Location: U.S.A.
    Pertaining to the "hype" being spewed by the Next Gen vendors about machine learning, the fact is that the major AV vendors have been using it for years. Here is an article on Eset's latest version of it: https://www.welivesecurity.com/2017/06/20/machine-learning-eset-road-augur/ . Also worth reading are the references at the bottom of the article, which are a series of postings on the subject. The one I recommend is: https://www.welivesecurity.com/2017/04/18/pr-reality-collide-truth-machine-learning-cybersecurity/
     
  9. itman

    itman Registered Member

    Joined: Jun 22, 2010 | Posts: 8,593 | Location: U.S.A.
    As far as the effectiveness of the new AI algorithms being "hyped" as the greatest thing since "sliced bread was invented", there is the following.

    Last year the Massachusetts Institute of Technology, aka MIT, conducted an extensive research study into the effectiveness of advanced behavior analysis against computer malware; namely the use of Artificial Intelligence. Using the most advanced known algorithms available, most of which had not been publicly disseminated, the best achieved detection rate was 85%. Definitely worth a read:

    http://news.mit.edu/2016/ai-system-predicts-85-percent-cyber-attacks-using-input-human-experts-0418

    So it behooves security professionals to fully research supporting scientific data before taking the leap into new technology and abandoning known and field proven security protection methods.

    All the articles I have read from the scientific community in regards to AI as applied to malware detection state that the development in regards to replacing existing malware detection methods will take at least another 5 years.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004 | Posts: 17,561 | Location: The Netherlands
    I'm not so sure about this, but sometimes I also wonder about how Windows became such a vulnerable OS, one that uses thousands of APIs that most apps don't even need, but malware can happily take advantage of them. On the other hand, it did create a nice hobby for most of us on this forum, and not to forget about the billion-dollar IT security industry. Close to 100% malware identification would be cool, but it should be able to do this without generating false positives, that's the catch. Invincea claim they can (almost) do this:

    https://www.invincea.com/solution-overview/
     
  11. Peter2150

    Peter2150 Global Moderator

    Joined: Sep 20, 2003 | Posts: 20,590
    You are forgetting about the thousands of different ways Windows is used. Just one example: business vs gamers vs medical industry. Remember about Invincea. Built on top of Sandboxie.
     