Sunday, June 26, 2022

Stopping cyber-crooks in their tracks

New Method Can Stop Cyberattacks in Less Than a Second

By CARDIFF UNIVERSITY 

Cardiff University researchers have developed a new approach for automatically detecting and killing cyberattacks on our laptops, computers, and smart devices in less than a second.

Using artificial intelligence in a completely new way, the technology has been found to effectively prevent up to 92% of data on a computer from being corrupted, with a piece of malware being wiped out in only 0.3 seconds on average.

The team published their findings in Security and Communications Networks on December 6th, and say that this is the first demonstration of a method that can both detect and kill malicious software in real-time, which could transform approaches to modern cybersecurity and avoid incidents like the recent WannaCry cyberattack on the NHS in 2017.

The new strategy, developed in collaboration with Airbus, is focused on monitoring and anticipating the behavior of malware, as opposed to more typical antivirus technologies that analyze what a piece of malware looks like. It also utilizes the most recent advances in artificial intelligence and machine learning.

“Traditional antivirus software will look at the code structure of a piece of malware and say ‘yeah, that looks familiar’,” co-author of the study Professor Pete Burnap explains.

“But the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process, or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioral profile.”

By training computers to run simulations on specific pieces of malware, it is possible to make a very quick prediction in less than a second of how the malware will behave further down the line.

Once a piece of software is flagged as malicious the next stage is to wipe it out, which is where the new research comes into play.

“Once a threat is detected, due to the fast-acting nature of some destructive malware, it is vital to have automated actions to support these detections,” continued Professor Burnap.

“We were motivated to undertake this work as there was nothing available that could do this kind of automated detecting and killing on a user’s machine in real-time.”

Existing products, known as endpoint detection and response (EDR), are used to protect end-user devices such as desktops, laptops, and mobile devices and are designed to quickly detect, analyze, block, and contain attacks that are in progress.

The main problem with these products is that the collected data needs to be sent to administrators in order for a response to be implemented, by which time a piece of malware may already have caused damage.

To test the new detection method, the team set up a virtual computing environment to represent a group of commonly used laptops, each running up to 35 applications at the same time to simulate normal behavior.

The AI-based detection method was then tested using thousands of samples of malware.

Lead author of the study Matilda Rhode, now Head of Innovation and Scouting at Airbus, said: “While we still have some way to go in terms of improving the accuracy of this system before it could be implemented, this is an important step towards an automated real-time detection system that would not only benefit our laptops and computers but also our smart speakers, thermostats, cars, and refrigerators as the ‘Internet of Things’ becomes more prevalent.”

Reference: “Real-Time Malware Process Detection and Automated Process Killing” by Matilda Rhode, Pete Burnap and Adam Wedgbury, 6 December 2021, Security and Communication Networks.
DOI: 10.1155/2021/8933681