CARDIFF, Wales — The Internet has simplified our lives immensely, but it’s also creating new concerns. Earlier generations never had to worry about malware or viruses, but the possibility of one’s personal or financial information falling into the hands of hackers is a real risk nowadays. On a more comforting note, scientists at Cardiff University have developed a new cybersecurity method capable of automatically detecting and stopping cyberattacks on laptops, computers, and smart devices in under a second.
Utilizing artificial intelligence “in a completely novel way,” this new method successfully prevented up to 92 percent of files on a computer from being corrupted. It takes the new method just 0.3 seconds on average to destroy a piece of malware.
This was only the first test demonstration of the method, which the team designed to both detect and kill malicious software in real-time. If further tests hold up, and the method becomes widely available, it could change modern cybersecurity as we know it. For instance, this method would have been a major asset during recent incidents such as the WannaCry cyberattack on the U.K.’s National Health Service in 2017.
Predicting where computer viruses will strike
Thanks to recent advances in both AI and machine learning, this new approach focuses on monitoring and predicting malware behaviors. This is vastly different from how most cybersecurity measures currently operate.
“Traditional antivirus software will look at the code structure of a piece of malware and say ‘yeah, that looks familiar’,” study co-author Professor Pete Burnap explains in a university release.
“But the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioral profile.”
The method trains computers to run simulations on various pieces of malware, making it possible for the computer to predict in less than a second how the malware will behave later on. Once it identifies any software as malicious, the next step is eliminating it as quickly as possible.
“Once a threat is detected, due to the fast-acting nature of some destructive malware, it is vital to have automated actions to support these detections,” Professor Burnap adds. “We were motivated to undertake this work as there was nothing available that could do this kind of automated detecting and killing on a user’s machine in real-time.”
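The contrast Professor Burnap describes, as an added illustration that is not taken from the Cardiff study: a hash signature misses a sample whose bytes have changed, while a profile of ordered event pairs flags the same behavior after a few events. The event names, traces, threshold and the bigram profile (a simple stand-in for the study's AI model) are assumptions constructed for this example.

```python
import hashlib

# Constructed sample data: byte strings, event names and traces are illustrative.
KNOWN_BAD_HASHES = {hashlib.sha256(b"sample-v1").hexdigest()}
MALICIOUS_TRACES = [
    ["create_process", "open_port", "download_data", "write_file", "write_file"],
    ["create_process", "open_port", "download_data", "delete_file"],
]
BENIGN_TRACES = [
    ["create_process", "read_file", "write_file", "read_file"],
    ["create_process", "open_port", "read_file", "write_file"],
]

def bigrams(trace):
    """Ordered pairs of consecutive events: the order is the fingerprint."""
    return list(zip(trace, trace[1:]))

def build_profile(malicious, benign):
    """Keep event pairs seen in malicious traces and never in benign ones."""
    bad = {pair for t in malicious for pair in bigrams(t)}
    good = {pair for t in benign for pair in bigrams(t)}
    return bad - good

def signature_match(file_bytes):
    """Traditional check: exact hash of the file contents."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES

def monitor(events, profile, threshold=2):
    """Consume events as they occur. Return the index of the event at which
    the process should be stopped, or None if the threshold is never reached."""
    hits, prev = 0, None
    for i, event in enumerate(events):
        if prev is not None and (prev, event) in profile:
            hits += 1
            if hits >= threshold:
                return i  # an automated response would terminate the process here
        prev = event
    return None

PROFILE = build_profile(MALICIOUS_TRACES, BENIGN_TRACES)
```

The returned index marks how early in the trace the response fires, which is the property the article's speed figures are about.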
Cutting out the middleman in cyber security
Today, existing products called endpoint detection and response (EDR) shield end-user devices like desktops, laptops, and mobile devices from cyberattacks. These EDRs detect, analyze, block, and ultimately contain cyberattacks. The problem with EDRs is that the collected data must first travel to a group of administrators before any response can happen. Time is of the essence during cyberattacks, so this is not exactly ideal.
To test their new method, researchers set up a “virtual computing environment” to duplicate the usual activity seen on a group of laptops. Each “laptop” was running up to 35 applications simultaneously. The team then tested the new method against thousands of samples of malware.
“While we still have some way to go in terms of improving the accuracy of this system before it could be implemented, this is an important step towards an automated real-time detection system that would not only benefit our laptops and computers, but also our smart speakers, thermostats, cars and refrigerators as the ‘Internet of Things’ becomes more prevalent,” concludes lead study author Matilda Rhode, currently Head of Innovation and Scouting at Airbus.
The study is published in the journal Security and Communication Networks.