Published on August 5th, 2019 📆 | 4619 Views ⚑0
Boffins trick AI-based antivirus into thinking malware is ‘goodware’
Some of the most dangerous forms of malware were able to escape detection
BOFFINS IN AUSTRALIA claim to have tricked BlackBerry’s AI-based Cylance Protect system into thinking malware isn’t harmful.
Using a “global bypass method”, specialists at Skylight Cyber were able to get the system to identify malware as “goodware”, Vice reports.
“AI applications in security are clear and potentially useful. However AI-based products offer a new and unique attack surface,” the researchers said.
“Namely, if you could truly understand how a certain model works, and the type of features it uses to reach a decision, you would have the potential to fool it consistently, creating a universal bypass.”
According to the researchers, they identified “a peculiar bias towards a specific game” after conducting an analysis of the system.
“Combining an analysis of the feature extraction process, its heavy reliance on strings, and its strong bias for this specific game, we are capable of crafting a simple and rather amusing bypass,” the boffins continued.
They added that by appending a selected list of strings to a malicious file, they could change its score significantly to avoid detection: “This method proved successful for 100 per cent of the top 10 Malware for May 2019, and close to 90 per cent for a larger sample of 384 malware.”
To test their method, the researchers uploaded a list of the top 10 malware, published by the Center for Internet Security. The “staggering” results show that negative scores were turned to positive, meaning some of the most dangerous forms of malware were able to escape detection.
They concluded: “We are always amused to see the shock on people’s faces when you tell them that the new security toy they spent millions of dollars buying and integrating can be bypassed.
“The same goes for new silver bullets, like AI-based security. We are anything but surprised with the results, and we are confident that the same type of process can be applied to other pure AI vendors to achieve similar results.” µ