New method can stop cyber attacks in less than a second

The method has been shown to completely prevent up to 92% of files on a computer from being corrupted, removing a malicious program in an average of just 0.3 seconds.

Computers, laptops and other smart gadgets in our homes can be protected by artificial intelligence that can quickly identify and eliminate malware.

University of Cardiff researchers have developed a new approach to automatically detect and kill cyber attacks on our laptops, computers and smart devices in less than a second.

By using artificial intelligence in an entirely new way, the technology has been shown to effectively prevent up to 92% of the data on a computer from being corrupted, wiping out a piece of malware in an average of just 0.3 seconds.

The team published their findings in Security and Communication Networks on December 6, saying this is the first demonstration of a method that can both detect and kill malicious software in real time, which could transform approaches to modern cybersecurity and prevent incidents such as the recent WannaCry cyber attack on the NHS in 2017.

The new strategy, co-developed with Airbus, focuses on monitoring and anticipating malware behavior, as opposed to more typical antivirus technologies that analyze what a piece of malware looks like. It also leverages the latest advancements in artificial intelligence and machine learning.

“Traditional antivirus software looks at the code structure of a piece of malware and says ‘yes, that looks familiar,’” explains study co-author Professor Pete Burnap.

“But the problem is that malware authors just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves, so as soon as it starts attacking a system, such as opening a port, creating a process or downloading data in a certain order, it leaves a fingerprint that we can use to create a behavioral profile.”

By training computers to run simulations on specific pieces of malware, it is possible to make a very fast prediction in less than a second of how the malware will behave further down the line.

Once a piece of software has been flagged as malicious, the next step is to wipe it out, which is where the new research comes in.

“Once a threat has been detected, due to the fast-acting nature of some destructive malware, it is vital to have automated actions to support these detections,” continues Professor Burnap.

“We were motivated to do this work because there was nothing available that could perform this kind of automated detection and killing on a user’s computer in real time.”

Existing products, known as endpoint detection and response (EDR), are used to protect end-user devices such as desktops, laptops and mobile devices and are designed to quickly detect, analyze, block and contain ongoing attacks.

The main problem with these products is that the collected data has to be sent to administrators in order to implement a response, by which time a piece of malware may have already done damage.
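The two ideas above, a behavioural fingerprint built from actions "in a certain order" and the cost of waiting for an administrator before responding, can be seen in a small added Python sketch that is not the researchers' code. It uses a plain ordered-subsequence match where the study uses machine learning, and the event names, telemetry and response delays are all constructed.

```python
from collections import namedtuple

Event = namedtuple("Event", "t_ms pid action")

# Constructed profile: the ordered actions named in the article's quote.
PROFILE = ("open_port", "create_process", "download_data")

# Constructed telemetry (not real malware traces). pid 303 performs the same
# actions as pid 202 but in a different order, so it must not be flagged.
EVENTS = [
    Event(50, 101, "create_process"), Event(120, 101, "write_file"),
    Event(500, 101, "open_port"),
    Event(60, 303, "download_data"), Event(150, 303, "open_port"),
    Event(250, 303, "create_process"),
    Event(100, 202, "open_port"), Event(200, 202, "create_process"),
    Event(300, 202, "download_data"),
] + [Event(400 + 100 * i, 202, "write_file") for i in range(20)]


def detect(events, profile=PROFILE):
    """Return {pid: t_ms} for each process that completes the profile in order."""
    progress, flagged = {}, {}
    for ev in sorted(events, key=lambda e: e.t_ms):
        if ev.pid in flagged:
            continue
        step = progress.get(ev.pid, 0)
        if ev.action == profile[step]:
            progress[ev.pid] = step + 1
            if step + 1 == len(profile):
                flagged[ev.pid] = ev.t_ms  # decision time for this process
    return flagged


def files_touched(events, pid, kill_at_ms):
    """Count file writes a process completed before it was terminated."""
    return sum(1 for e in events
               if e.pid == pid and e.action == "write_file" and e.t_ms < kill_at_ms)


def compare(events, delays_ms):
    """Map each response delay to the files written by flagged processes before the kill."""
    flagged = detect(events)
    return {d: sum(files_touched(events, pid, t + d) for pid, t in flagged.items())
            for d in delays_ms}


if __name__ == "__main__":
    print(detect(EVENTS))                    # which process matched, and when
    print(compare(EVENTS, [0, 1000, 5000]))  # immediate kill vs. delayed response
```
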

To test the new detection method, the team set up a virtual computing environment to represent a group of commonly used laptops, each of which can run up to 35 applications simultaneously to simulate normal behavior.

The AI-based detection method was then tested with thousands of samples of malware.

Lead author of the study Matilda Rhode, now Head of Innovation and Scouting at Airbus, said: “While we still have a long way to go in terms of improving the accuracy of this system before it could be implemented, this is an important step towards an automated real-time detection system that would not only benefit our laptops and computers but also our smart speakers, thermostats, cars, and refrigerators as the ‘Internet of Things’ becomes more prevalent.”

Reference: “Real-Time Malware Process Detection and Automated Process Killing” by Matilda Rhode, Pete Burnap and Adam Wedgbury, 6 December 2021, Security and Communication Networks.
DOI: 10.1155/2021/8933681
