

Researchers Easily Trick Security Firm Cylance's AI-Based Antivirus Into Thinking Programs Like WannaCry and Other Malware Are Benign (vice.com)
By taking strings from an online gaming program and appending them to malicious files, researchers were able to trick Cylance's AI-based antivirus engine into thinking programs like WannaCry and other malware are benign. From a report: AI has been touted by some in the security community as the silver bullet in malware detection. Its proponents say it's superior to traditional antivirus since it can catch new variants and never-before-seen malware -- think zero-day exploits -- that are the Achilles heel of antivirus. One of its biggest proponents is the security firm BlackBerry Cylance, which has staked its business model on the artificial intelligence engine in its endpoint PROTECT detection system, which the company says has the ability to detect new malicious files two years before their authors even create them. But researchers in Australia say they've found a way to subvert the machine-learning algorithm in PROTECT and cause it to falsely tag already known malware as "goodware." The method doesn't involve altering the malicious code, as hackers generally do to evade detection. Instead, the researchers developed a "global bypass" method that works with almost any malware to fool the Cylance engine. It involves simply taking strings from a non-malicious file and appending them to a malicious one, tricking the system into thinking the malicious file is benign.
The benign strings they used came from an online gaming program, which they have declined to name publicly so that Cylance will have a chance to fix the problem before hackers exploit it. "As far as I know, this is a world-first, proven global attack on the ML [machine learning] mechanism of a security company," says Adi Ashkenazy, CEO of the Sydney-based company Skylight Cyber, who conducted the research with CTO Shahar Zini. "After around four years of super hype [about AI], I think this is a humbling example of how the approach provides a new attack surface that was not possible with legacy [antivirus software]."
cylance is garbage (Score:1)
Overpriced worthless garbage this Cylance crap. Usually it just breaks valid applications and blocks pretty much nothing it seems. Good job.
Re: (Score:1)
Well...
That seems perfect for corporations.
It could be added to the Bluecoat and Evil Corporate Proxy to maximize employee frustration.
Re:cylance is garbage (Score:4, Funny)
Overpriced worthless garbage this Cylance crap. Usually it just breaks valid applications and blocks pretty much nothing it seems. Good job.
In other words, it performs in line with antivirus industry expectations.
Cylance is such a joke (Score:3)
We have it where I'm at. It's crap. Constantly mis-categorizes Microsoft DLLs!
We're trying to get rid of it, this is just one more bullet in the box for our pleading the case to get anything else in here.
Cylance CS attitude is just as piss-poor as their CEO... they can do nothing wrong, their product is the best. According to them, of course.
Re: (Score:1)
We have it where I'm at. It's crap. Constantly mis-categorizes Microsoft DLLs!
We're trying to get rid of it, this is just one more bullet in the box for our pleading the case to get anything else in here.
Cylance CS attitude is just as piss-poor as their CEO... they can do nothing wrong, their product is the best. According to them, of course.
It allows them to run?
Re: (Score:3)
Let me guess, "Skylight Cyber" has two employees ........
Probably, but does it matter? Lots of security shops are pretty small. That is the state of the industry right now. I have seen little if any evidence these small shops don't frequently do research and provide services at a level equal to or better than what comes out of the big shops, i.e. Deloitte, Verizon, Accuvant, etc.
In this case the article and methods are public. I read it, solid work. Could they have faked the whole thing.. I suppose so as I don't have a copy of Cylance here to try anything out on b
AI/ML hype (Score:2)
The topic was the "age of algorithms" we live in.
It was a total glossy "feel good" PR stunt.
There is this general hype coming out that AI and algorithms in general shouldn't be questioned. That we are just supposed to trust it.
At the discussion you could sense a general unease in the audience, all the while the academics on the panel were like "don't worry, be happy!"
Re: (Score:2, Informative)
This is not new. This has been a well known problem with Cylance since day one. Launch a piece of common, well known malware in something like a simple compiled AutoIT script and you will likely easily bypass Cylance.
The best thing Cylance has going for it is their marketing department.
Back to the future (Score:1)
"the company says has the ability to detect new malicious files two years before their authors even create them."
Do they have a secret time machine?
Whitelisting and false positives (Score:3)
The impression I get from reading comments from those who have used it is that it relies heavily on whitelisting to work well. If that's true it's a negative for AI, because all you've done is turn human operators into the deciding factor - any product can offer security by not running things that haven't been declared safe by an administrator.
Sure enough, this comparative test shows that it has a high FP rate, suggesting whitelisting may be necessary more so than with other products:
https://www.av-comparatives.or... [av-comparatives.org]
Re: (Score:2)
And whitelisting is "brute force," it's "intelligent," and "human learning."
That shit doesn't sell very well.
I have YET to read about AI and ML that actually does anything acceptably well.
Re: (Score:2, Interesting)
The impression I get from reading comments from those who have used it is that it relies heavily on whitelisting to work well. If that's true it's a negative for AI, because all you've done is turn human operators into the deciding factor - any product can offer security by not running things that haven't been declared safe by an administrator.
Sure enough, this comparative test shows that it has a high FP rate, suggesting whitelisting may be necessary more so than with other products: https://www.av-comparatives.or... [av-comparatives.org]
Typically, with anti malware you have to pick one:
- Good protection versus zero day
- Non-disruptive to business operations (within reason)
Cylance was marketed as the former, which is why this article is interesting. Most malware is just old attacks rearranged, and traditional antiviruses were incapable of detecting that. But the problem is there will ALWAYS be new attacks developed, so neither inference nor maintaining and distributing blacklists will work 100%.
Re: (Score:3)
Most malware is just old attacks rearranged, and traditional antiviruses were incapable of detecting that.
That is wrong. Traditional antiviruses use combinations of fingerprinting, heuristics, and emulation and even code analysis to do exactly that.
The fact that you even bought into this suggests you've accepted their marketing without questioning it.
Re: (Score:1)
Most malware is just old attacks rearranged, and traditional antiviruses were incapable of detecting that.
That is wrong. Traditional antiviruses use combinations of fingerprinting, heuristics, and emulation and even code analysis to do exactly that.
The fact that you even bought into this suggests you've accepted their marketing without questioning it.
Oh no I hate Cylance's marketing, but whenever I looked up a sample that our AV was having problems with, theirs was catching it.
We used Symantec when I started, Trend Micro for a few years after that, and then settled on Sophos. The problem we had with Symantec was as soon as a piece of malware started making the rounds, it was too long until definitions were available. I don't know what other features it claimed to have at the time but we had issues with zero day binaries multiple times.
I know Trend use
It isn't "AI" ... (Score:2)
... until it refuses to function when Facebook is down.
Seriously.
Crystal ball bull shit ... (Score:2)
... which the company says has the ability to detect new malicious files two years before their authors even create them.
So they knew full goddam well that malware could be wrapped in Candy Crush Saga two (2) years ago but didn't tell anybody?
Marketeers conflating AI and ML, as always (Score:3)
We're nowhere near Artificial Intelligence. Machine Learning is interesting, but extremely limited technology that's not yet ready to be trusted for anything important.
Re: (Score:1)
It also takes some human intelligence to properly implement ML.
For example, here the problem clearly is that if a majority of a sample is similar to a benign sample, it is allowed. Which is just stupid considering how viruses work (infect legitimate files, creating a hybrid which contains all the legitimate content plus a small malicious payload).
On the other hand, if ML were used to evaluate each individual block of machine code, and then the determination given the sample were the maximum (not average!)
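The averaging-versus-maximum point raised in the comment above, as an added example that is not part of the thread and does not reproduce Cylance's model: a toy string-token scorer showing how appended benign strings dilute a whole-file average while a sliding-window maximum still flags the file. All token names, weights, the window size and the threshold are constructed assumptions.

```python
# Added illustration: a toy string-token scorer, NOT any vendor's real model.
# Weights are constructed: positive = suspicious, negative = benign-looking.
WEIGHTS = {
    "CryptEncrypt": 2.0, "vssadmin": 2.5, "DeleteShadows": 2.5, ".onion": 2.0,
    "LoadTexture": -1.5, "PlayerScore": -1.5, "RenderFrame": -1.5, "SaveGame": -1.5,
}

def score(tokens):
    """Mean weight of the tokens; unknown tokens count as 0."""
    if not tokens:
        return 0.0
    return sum(WEIGHTS.get(t, 0.0) for t in tokens) / len(tokens)

def whole_file_score(tokens):
    """Average over the entire file: padding of any size shifts the result."""
    return score(tokens)

def max_window_score(tokens, size=4):
    """Score every overlapping window and keep the worst one.

    Overlapping windows (step 1) mean a suspicious run is still seen intact
    even when padding is prepended and shifts it off a chunk boundary.
    """
    last_start = max(1, len(tokens) - size + 1)
    return max(score(tokens[i:i + size]) for i in range(last_start))

def verdict(s, threshold=1.0):
    return "malicious" if s >= threshold else "benign"

# Constructed sample inputs: token lists standing in for extracted strings.
ORIGINAL = ["CryptEncrypt", "vssadmin", "DeleteShadows", ".onion"]
BENIGN_PAD = ["LoadTexture", "PlayerScore", "RenderFrame", "SaveGame"] * 5
PADDED = ORIGINAL + BENIGN_PAD  # same content plus appended benign strings

if __name__ == "__main__":
    for name, toks in (("original", ORIGINAL), ("padded", PADDED)):
        avg, worst = whole_file_score(toks), max_window_score(toks)
        print(f"{name:8} average={avg:+.3f} -> {verdict(avg):9} "
              f"max-window={worst:+.3f} -> {verdict(worst)}")
```

The trade-off is that a maximum over windows also flags a benign file that contains one suspicious-looking region, so the false-positive rate rises as the dilution weakness closes.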
Re:Cylance isn't AI or ML (Score:5, Informative)
It only inspects a binary on launch so this makes it really lightweight and low-impact on the client end (~50MB installed) and results are returned quickly, unlike Sophos and the rest that have to scan the entire hard drive before being able to offer protection.
This is false. All conventional AV products have an on-demand scanner that can scan an entire drive on demand (you start it, or it's scheduled), _and_ an on-access scanner, which scans files when they are accessed (read, executed).
No credible conventional AV product needs to scan the entire hard drive before they offer protection. That would be ludicrous. Also, most AV products now are additionally supplemented by "cloud protection" features, usually where file fingerprints are checked to see how many other users have trusted the file.
Most conventional AV does offer a form of "AI" also, except it's a heuristic model, designed to score unknown programs against known risk indicators.
Essentially, Cylance isn't offering wildly better protection than already exists, and perhaps worse in some areas.
Like taking candy from a baby (Score:2)
The AI is only a couple of years old, try it in a dozen years.
WTF kind of claim is this?!? (Score:2)
...the company says has the ability to detect new malicious files two years before their authors even create them.
Uh, what? You're telling me your "AI" can both predict the future AND read minds?
How did anyone not laugh out loud at that claim?