With a malicious application deleted in only 0.3 seconds on average, the technique has been found to fully protect up to 92 percent of the data on a computer from being damaged.
Researchers from Cardiff University have created a novel method for instantly identifying and neutralizing attacks on our laptops, desktop computers, and smart devices.
The system, which uses artificial intelligence in a fundamentally new way, has been shown to successfully stop up to 92 percent of data on a computer from being damaged. On average, a piece of malware is removed in just 0.3 seconds.
On December 6, the team published its findings in Security and Communication Networks. They claim that this is the first instance of a technique that can simultaneously identify and eliminate malicious software in real time, which could revolutionize current cybersecurity strategies and prevent incidents like the 2017 WannaCry cyberattack on the NHS.
In contrast to more traditional antivirus technologies that assess what a piece of malware looks like, the new approach, developed in partnership with Airbus, focuses on monitoring and anticipating the behavior of malware. It also makes use of the most recent developments in machine learning and artificial intelligence.
“Traditional antivirus software will look at the code structure of a piece of malware and say ‘yeah, that looks familiar’,” explains Professor Pete Burnap, one of the study's authors.
“But the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process, or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioral profile.”
By teaching computers to run simulations on a particular piece of malware in less than a second, one can quickly forecast how that malware will behave in the future.
The new research is useful when it comes to removing dangerous software after it has been identified as such.
Professor Burnap stated, “Once a threat is found, due to the quick-moving nature of some damaging malware, it is necessary to have automated steps to support these detections.
“We were motivated to undertake this work as there was nothing available that could do this kind of automated detecting and killing on a user’s machine in real-time.”
Endpoint detection and response (EDR) technologies now on the market are used to defend end-user devices, including desktops, laptops, and mobile phones, and are built to swiftly identify, analyze, stop, and mitigate attacks that are already underway.
The fundamental issue with these solutions is that the collected data must reach administrators before a response can be initiated, by which time a piece of malware may already have caused damage.
To test the novel detection technique, the researchers created a virtual computing environment that imitates a collection of frequently used laptops, each running up to 35 programs simultaneously to represent typical activity.
Thousands of malware samples were then used to test the AI-based detection technique.
“While we still have some way to go in terms of improving the accuracy of this system before it could be implemented, this is an important step towards an automated real-time detection system that would not only benefit our laptops and computers but also our smart speakers, thermostats, cars, and refrigerators as the ‘Internet of Things’ becomes more prevalent,” said Matilda Rhode, the study's lead author and currently Head of Innovation and Scouting at Airbus.
Reference: “Real-Time Malware Process Detection and Automated Process Killing” by Matilda Rhode, Pete Burnap and Adam Wedgbury, 6 December 2021, Security and Communication Networks.
DOI: 10.1155/2021/8933681