Recent developments in artificial intelligence (AI) have vast transformative potential for both cybersecurity defenders and cybercriminals. Malware is malicious software that infiltrates or damages a computer system without the owner's consent or knowledge. Researchers use the term to cover a variety of forms of software or program code, such as computer viruses, worms, trojan horses, retroviruses, and botnets. Its impact on digital society is enormous. Malware is getting more intelligent day by day: it uses heuristics to change its code dynamically to prevent detection by antivirus software. We cannot predict how intelligent it can become with these active learning techniques. AI cannot automatically detect and resolve every potential malware or cyber threat incident, but when it combines the modeling of both bad and good behavior, it can be a successful and powerful weapon against even the most advanced malware.
How Viruses Are Detected?
We have to understand that we can classify viruses into two types:
A resident virus can be a fast infector, designed to infect as many files as possible, or a slow infector, which uses stealth and encryption techniques to stay undetected for longer. This may be one of the worst kinds of virus, as it can affect the system thoroughly.
A non-resident virus is a computer virus that is not stored on the hard drive of the computer that is impacted. Rather, it infects an executable file, and upon execution of that file it infects the system and may hop to another system if the executable file is transferred there.
At present, antivirus software uses signature, heuristic and metaheuristic techniques. Most malware detection products have used and depended on trapping, or bad-behavior models. In threat trapping, passive technologies identify malware using models of bad behavior such as signatures. If a malware signature is found in an object, it is malicious. Today’s malware authors are quite adept at creating single-use or limited-use malware that will never be seen by signature-creating vendors. Without signatures, conventional detection tools that are dependent on bad-behavior models (antivirus) are entirely ineffective. They will not detect this type of advanced malware.
One of the biggest evolutions in malware detection is the migration from trapping to hunting. This shift from trapping to hunting, or from bad-behavior to good-behavior modeling, is necessary because advanced malware is so sophisticated that it can easily evade security solutions that rely on bad-behavior models such as signatures. Because hunting technologies use good-behavior modeling and don’t rely on signatures, they are much more effective at discovering modern evasive malware.
Artificial Intelligence Automates Good-Behavior Modeling
Applying AI to the task of developing good-behavior models solves many of the technical and resource challenges of detecting advanced malware.
Performing all of these good-behavior modeling tasks would be virtually impossible to do manually. However, AI or machine learning is especially suited for this type of work. Unlike human beings, AI never tires, scales in extraordinary ways to handle very large datasets, and can automatically generate baseline models of normal behavior.
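The contrast between trapping (signatures) and hunting (a baseline of good behavior) can be shown in a few lines. This is an added example, not code from any product mentioned here; it uses a simple set-membership baseline in place of a trained model, and every program name, action label and sample byte string is constructed for illustration.

```python
import hashlib
from collections import defaultdict

# All names, bytes and events below are constructed for this example.
KNOWN_BAD_SAMPLE = b"constructed-sample-A"
SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}  # bad-behavior model

def signature_match(file_bytes):
    """Trapping: flag a file only if its hash is already in the signature set."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

def build_baseline(benign_events):
    """Hunting: learn which actions each program performs during normal use."""
    baseline = defaultdict(set)
    for program, action in benign_events:
        baseline[program].add(action)
    return baseline

def anomaly_score(baseline, program, actions):
    """Fraction of observed actions that fall outside the program's baseline."""
    if not actions:
        return 0.0
    known = baseline.get(program, set())  # unknown program: nothing is normal
    return sum(a not in known for a in actions) / len(actions)

def is_anomalous(baseline, program, actions, threshold=0.5):
    """Flag a run when at least `threshold` of its actions were never seen before."""
    return anomaly_score(baseline, program, actions) >= threshold

BENIGN_EVENTS = [
    ("editor.exe", "read:documents"), ("editor.exe", "write:documents"),
    ("editor.exe", "read:fonts"),
    ("updater.exe", "net:connect"), ("updater.exe", "write:program_files"),
]
BASELINE = build_baseline(BENIGN_EVENTS)

# A single-use variant: different bytes, so its hash is not in SIGNATURES.
VARIANT = b"constructed-sample-B"
VARIANT_ACTIONS = ["read:documents", "write:startup_folder",
                   "net:connect", "write:other_executables"]
NORMAL_ACTIONS = ["read:documents", "read:fonts", "write:documents"]

if __name__ == "__main__":
    print("signature hit, known sample:", signature_match(KNOWN_BAD_SAMPLE))
    print("signature hit, variant:     ", signature_match(VARIANT))
    print("variant score as editor.exe:",
          anomaly_score(BASELINE, "editor.exe", VARIANT_ACTIONS))
    print("normal run flagged:         ",
          is_anomalous(BASELINE, "editor.exe", NORMAL_ACTIONS))
```

The variant passes the signature check because no vendor has seen its hash, yet it is flagged because three of its four actions are outside what the baseline recorded for that program.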
Symantec, one of the biggest security product providers in the world, has developed STAR (Symantec’s Security Technology and Response), which has an engine called SONAR, a core part that scans for and detects malware. The SONAR system uses artificial intelligence techniques to learn the difference between good and bad applications. It looks for sequences of suspicious behaviors in running programs that are uncharacteristic of legitimate software; when SONAR observes such a suspicious sequence, it can terminate and remove the offending program immediately, without any virus fingerprints.