casatore.blogg.se

Cylance antivirus fails

While it is tempting to imagine a future in which super-intelligent AIs create defensive systems so secure that even the most advanced attackers are completely thwarted, he said, "the obvious result would be for hackers to respond with their own self-improving AI systems that learn to evade those defenses."

"As defensive capabilities are improved through the use of machine learning, attackers will have to respond by finding novel attacks that the newly ML-enhanced systems can't yet detect," he said.

Sohrob Kazerounian, a senior data scientist at Vectra, a provider of automated threat management solutions, said that AI systems create a necessity for new attack vectors.

"If you could truly understand how a certain model works, and the type of features it uses to reach a decision, you would have the potential to fool it consistently, creating a universal bypass," the Skylight researchers wrote.

AI and ML can shut down some attacks, but can also open new paths

AI and ML products depend on models that can become new targets for adversaries.

"Machine learning remains the most effective tool in combating malware, which is why the technique has been nearly universally adopted by security vendors."

"This vulnerability allows the manipulation of a specific type of feature analyzed by the algorithm that in limited circumstances will cause the model to reach an incorrect conclusion," Cylance said in the post.

Those features are then passed to an algorithm for analysis.

AI and ML can automate security tasks, but they are not set-and-forget

As Cylance pointed out in its blog, AI and ML models are "living models." They are designed to evolve and require periodic retraining and field servicing.

Cylance said that, rather than finding a universal bypass, the researchers had discovered "a technique that allowed for one of the anti-malware components of the product to be bypassed in certain circumstances."

Analyzing a file with ML is a multi-stage process, Cylance said.
First the file is parsed, which extracts artifacts from it known as "features." These can be anything about the file that can be interpreted or measured. Regardless, the lessons for security teams are clear.

The company added that it had corrected the issue in its cloud service, and would do so with its endpoint software shortly. The method was 100% successful for the top 10 malware programs for the month of May, and 90% effective for a larger universe of 384 malicious applications, the researchers said.

Cylance has acknowledged that its ML algorithm was flawed, but it said in a company blog post that it was not a universal bypass.

They leveraged that knowledge to craft a universal method for bypassing the software by simply appending a selected list of strings to any malicious file. After a careful analysis of Cylance's antivirus product, the researchers discovered a bias toward a particular game. The bypass was discovered by researchers at Skylight, a firm founded by Israeli government security veterans Adi Ashkenazy and Shahar Zini. Artificial intelligence (AI) has become all the rage in cybersecurity circles, but a recently discovered universal bypass of a machine-learning (ML) algorithm in BlackBerry's Cylance cybersecurity suite offers some valuable lessons for organizations mulling AI security solutions.













