Page 23 - ARUBA TODAY
TECHNOLOGY Thursday 29 June 2017

How artificial intelligence is taking on ransomware

Photo: In this Monday, May 15, 2017, file photo, employees watch electronic boards to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, South Korea. Associated Press

By ANICK JESDANUN
AP Technology Writer

NEW YORK (AP) — Twice in the space of six weeks, the world has suffered major attacks of ransomware — malicious software that locks up photos and other files stored on your computer, then demands money to release them.

It’s clear that the world needs better defenses, and fortunately those are starting to emerge, if slowly and in patchwork fashion. When they arrive, we may have artificial intelligence to thank.

Ransomware isn’t necessarily trickier or more dangerous than other malware that sneaks onto your computer, but it can be much more aggravating, and at times devastating. Most such infections don’t get in your face about taking your digital stuff away from you the way ransomware does, nor do they shake you down for hundreds of dollars or more.

Despite those risks, many people just aren’t good at keeping up with security software updates. Both recent ransomware attacks walloped those who failed to install a Windows update released a few months earlier.

Watchdog security software has its problems, too. With this week’s ransomware attack, only two of about 60 security services tested caught it at first, according to security researchers.

“A lot of normal applications, especially on Windows, behave like malware, and it’s hard to tell them apart,” said Ryan Kalember, an expert at the California security vendor Proofpoint.

HOW TO FIND MALWARE

In the early days, identifying malicious programs such as viruses involved matching their code against a database of known malware. But this technique was only as good as the database; new malware variants could easily slip through.

So security companies started characterizing malware by its behavior. In the case of ransomware, software could look for repeated attempts to lock files by encrypting them. But that can flag ordinary computer behavior such as file compression.

Newer techniques involve looking for combinations of behaviors. For instance, a program that starts encrypting files without showing a progress bar on the screen could be flagged for surreptitious activity, said Fabian Wosar, chief technology officer at the New Zealand security company Emsisoft. But that also risks identifying harmful software too late, after some files have already been locked up.

An even better approach identifies malware using observable characteristics usually associated with malicious intent — for instance, by quarantining a program disguised with a PDF icon to hide its true nature.

This sort of malware profiling wouldn’t rely on exact code matches, so it couldn’t be easily evaded. And such checks could be made well before potentially dangerous programs start running.

MACHINE VS. MACHINE

Still, two or three characteristics might not properly distinguish malware from legitimate software. But how about dozens? Or hundreds? Or even thousands?

For that, security researchers turn to machine learning, a form of artificial intelligence. The security system analyzes samples of good and bad software and figures out what combination of factors is likely to be present in malware.

As it encounters new software, the system calculates the probability that it’s malware, and rejects those that score above a certain threshold. When something gets through, it’s a matter of tweaking the calculations or adjusting the threshold. Now and then, researchers see a new behavior to teach the machine.

AN ARMS RACE

On the flip side, malware writers can obtain these security tools and tweak their code to see if they can evade detection. Some websites already offer to test software against leading security systems. Eventually, malware authors may start creating their own machine-learning models to defeat security-focused artificial intelligence.

Dmitri Alperovitch, co-founder and chief technology officer at the California vendor CrowdStrike, said that even if a particular system offers 99 percent protection, “it’s just a math problem of how many times you have to deviate your attack to get that 1 percent.”

Still, security companies employing machine learning have claimed success in blocking most malware, not just ransomware. SentinelOne even offers a $1 million guarantee against ransomware; it hasn’t had to pay it yet.

A FUNDAMENTAL CHALLENGE

So why was ransomware still able to spread in recent weeks?

Garden-variety anti-virus software — even some of the free versions — can help block new forms of malware, as many are also incorporating behavioral-detection and machine-learning techniques. But such software still relies on malware databases that users aren’t typically good at keeping up to date.

Next-generation services such as CrowdStrike, SentinelOne and Cylance tend to ditch databases completely in favor of machine learning.

But these services focus on corporate customers, charging $40 to $50 a year per computer. Smaller businesses often don’t have the budget — or the focus on security — for that kind of protection.

And forget consumers; these security companies aren’t selling to them yet. Though Cylance plans to release a consumer version in July, it says it’ll be a tough sell — at least until someone gets attacked personally or knows a friend or family member who has.

As Cylance CEO Stuart McClure puts it: “When you haven’t been hit with a tornado, why would you get tornado insurance?”
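
The scoring step described under MACHINE VS. MACHINE, worked through as an added example that is not part of the AP article or any vendor's product. It uses a small naive Bayes classifier (chosen here for illustration; the article names no algorithm) trained on constructed samples, with hypothetical feature names and an assumed threshold, and compares it with the older single-behavior rule.

```python
# Constructed training samples (not real telemetry): (observed behaviours, is_malware).
# Feature names are hypothetical labels for traits the article mentions.
FEATURES = ("encrypt_like_writes", "no_progress_ui", "icon_mismatch", "deletes_backups")
TRAIN = [
    ({"encrypt_like_writes", "no_progress_ui", "deletes_backups"}, 1),
    ({"encrypt_like_writes", "no_progress_ui", "icon_mismatch"}, 1),
    ({"icon_mismatch", "no_progress_ui"}, 1),
    ({"encrypt_like_writes", "icon_mismatch", "deletes_backups"}, 1),
    ({"encrypt_like_writes"}, 0),   # archiver compressing files, progress bar shown
    ({"encrypt_like_writes"}, 0),   # disk-encryption tool
    ({"no_progress_ui"}, 0),        # background updater
    (set(), 0),                     # ordinary application
    (set(), 0),                     # ordinary application
    ({"deletes_backups"}, 0),       # backup rotation tool
]

def train(samples):
    """Estimate class priors and P(feature present | class) with Laplace smoothing."""
    counts = {c: {f: 1 for f in FEATURES} for c in (0, 1)}  # +1 per feature
    totals = {0: 2, 1: 2}                                   # +2 (present / absent)
    for feats, label in samples:
        totals[label] += 1
        for f in feats:
            counts[label][f] += 1
    like = {c: {f: counts[c][f] / totals[c] for f in FEATURES} for c in (0, 1)}
    prior = {c: (totals[c] - 2) / len(samples) for c in (0, 1)}
    return prior, like

def malware_probability(model, feats):
    """Posterior P(malware | behaviours), treating features as independent."""
    prior, like = model
    joint = {}
    for c in (0, 1):
        joint[c] = prior[c]
        for f in FEATURES:
            joint[c] *= like[c][f] if f in feats else 1 - like[c][f]
    return joint[1] / (joint[0] + joint[1])

def single_rule(feats):
    """The older single-behaviour check: flag anything that looks like bulk encryption."""
    return "encrypt_like_writes" in feats

MODEL = train(TRAIN)
THRESHOLD = 0.5  # assumed cut-off; lowering it catches more at the cost of false alarms

def verdict(feats, threshold=THRESHOLD):
    """True when the sample's malware score reaches the rejection threshold."""
    return malware_probability(MODEL, feats) >= threshold
```

With these constructed samples, an archiver showing only encryption-like writes scores about 0.12 and is not flagged, although the single-behavior rule would flag it. Encryption-like writes plus a missing progress bar score about 0.45, so that case is rejected only if the threshold is lowered to 0.4, while adding a mismatched icon pushes the score above 0.9.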