Sun Sentinel Palm Beach Edition
To fight off ransomware, AI is getting more aware
Machine learning becomes player in contest vs. attacks
NEW YORK — Twice in the space of six weeks, the world has suffered major attacks of ransomware — malicious software that locks up photos and other files stored on your computer, then demands money to release them.
It’s clear that the world needs better defenses, and those are starting to emerge. When they arrive, we may have artificial intelligence to thank.
Ransomware isn’t necessarily trickier or more dangerous than other malware that sneaks onto your computer, but it can be much more aggravating, and at times devastating. Most such infections don’t get in your face about taking your digital stuff away from you the way ransomware does, nor do they shake you down for hundreds of dollars or more.
Despite those risks, many people just aren’t good at keeping up with security software updates. Both recent ransomware attacks walloped those who failed to install a Windows update released a few months earlier.
Watchdog security software has its problems, too. With this week’s ransomware attack, only two of about 60 security services tested caught it at first, according to security researchers. “A lot of normal applications, especially on Windows, behave like malware, and it’s hard to tell them apart,” said Ryan Kalember of security vendor Proofpoint.
Two or three characteristics might not properly distinguish malware from legitimate software. But how about dozens? Or hundreds? Or even thousands?
For that, security researchers turn to machine learning, a form of artificial intelligence. The security system analyzes samples of good and bad software and figures out what combination of factors is likely to be present in malware.
As it encounters new software, the system calculates the probability that it’s malware and rejects those that score above a certain threshold. When something gets through, it’s a matter of tweaking the calculations or adjusting the threshold. Researchers sometimes see a new behavior to teach the machine.
On the flip side, malware writers can obtain these security tools and tweak their code to see if they can evade detection. Some websites offer to test software against leading security systems. Eventually, malware authors may start creating their own machine-learning models to defeat security-focused artificial intelligence.
Dmitri Alperovitch, cofounder and chief technology officer at CrowdStrike, said that even if a particular system offers 99 percent protection, “it’s just a math problem of how many times you have to deviate your attack to get that 1 percent.”
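The scoring-and-threshold loop described above, and the arithmetic behind the 99 percent remark, as an added example that is not from the article or from any vendor named in it. It uses naive Bayes as a stand-in, since the article names no algorithm. The four behavior flags, the training samples and all function names are constructed for illustration, and `chance_of_a_miss` assumes each attempt is missed independently.

```python
from math import prod

# Constructed, hypothetical behavior flags (not from the article).
FEATURES = ["rewrites_many_files", "deletes_backups", "network_access", "autostart_entry"]

# Constructed training samples: one 0/1 flag per feature, in FEATURES order.
BENIGN = [[0, 0, 1, 0], [1, 0, 0, 0], [0, 0, 1, 1], [1, 0, 1, 0]]
MALWARE = [[1, 1, 1, 1], [1, 1, 0, 1], [1, 1, 1, 0], [1, 0, 1, 1]]


def train(samples):
    """Per-feature P(flag = 1 | class), Laplace-smoothed so no estimate is 0 or 1."""
    n = len(samples)
    return [(sum(col) + 1) / (n + 2) for col in zip(*samples)]


def likelihood(rates, x):
    """P(x | class), treating the flags as independent (the naive Bayes assumption)."""
    return prod(p if flag else 1 - p for p, flag in zip(rates, x))


def malware_probability(x, benign=BENIGN, malware=MALWARE):
    """Posterior P(malware | x), with class priors taken from the sample counts."""
    prior_m = len(malware) / (len(malware) + len(benign))
    m = prior_m * likelihood(train(malware), x)
    b = (1 - prior_m) * likelihood(train(benign), x)
    return m / (m + b)


def verdict(x, threshold):
    """Reject software whose score is above the threshold, allow the rest."""
    return "block" if malware_probability(x) > threshold else "allow"


def chance_of_a_miss(detection_rate, attempts):
    """P(at least one of `attempts` independently scored samples is missed)."""
    return 1 - detection_rate ** attempts


if __name__ == "__main__":
    # Clear malware, a borderline sample, and a file-sync-like benign program.
    for x in ([1, 1, 1, 1], [1, 0, 1, 1], [1, 0, 1, 0]):
        p = malware_probability(x)
        print(x, f"score={p:.3f}", "at 0.6:", verdict(x, 0.6), "at 0.5:", verdict(x, 0.5))
    for n in (1, 10, 69, 300):
        print(f"{n} attempts at 99% detection: {chance_of_a_miss(0.99, n):.3f}")
```

The borderline sample slips through at a threshold of 0.6 and is blocked at 0.5, while the sync-like program is allowed at both, which is the threshold adjustment the article describes.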
Still, security companies employing machine learning have claimed success in blocking most malware, not just ransomware. SentinelOne even offers a $1 million guarantee against ransomware; it hasn’t had to pay it yet.