Sun Sentinel Palm Beach Edition

To fight off ransomware, AI is getting more aware

Machine learning becomes player in contest vs. attacks

- By Anick Jesdanun

NEW YORK — Twice in the space of six weeks, the world has suffered major attacks of ransomware — malicious software that locks up photos and other files stored on your computer, then demands money to release them.

It’s clear that the world needs better defenses, and those are starting to emerge. When they arrive, we may have artificial intelligen­ce to thank.

Ransomware isn’t necessaril­y trickier or more dangerous than other malware that sneaks onto your computer, but it can be much more aggravatin­g, and at times devastatin­g. Most such infections don’t get in your face about taking your digital stuff away from you the way ransomware does, nor do they shake you down for hundreds of dollars or more.

Despite those risks, many people just aren’t good at keeping up with security software updates. Both recent ransomware attacks walloped those who failed to install a Windows update released a few months earlier.

Watchdog security software has its problems, too. With this week’s ransomware attack, only two of about 60 security services tested caught it at first, according to security researcher­s. “A lot of normal applicatio­ns, especially on Windows, behave like malware, and it’s hard to tell them apart,” said Ryan Kalember of security vendor Proofpoint.

Two or three characteri­stics might not properly distinguis­h malware from legitimate software. But how about dozens? Or hundreds? Or even thousands?

For that, security researcher­s turn to machine learning, a form of artificial intelligen­ce. The security system analyzes samples of good and bad software and figures out what combinatio­n of factors is likely to be present in malware.

As it encounters new software, the system calculates the probabilit­y that it’s malware and rejects those that score above a certain threshold. When something gets through, it’s a matter of tweaking the calculatio­ns or adjusting the threshold. Researcher­s sometimes see a new behavior to teach the machine.

On the flip side, malware writers can obtain these security tools and tweak their code to see if they can evade detection. Some websites offer to test software against leading security systems. Eventually, malware authors may start creating their own machine-learning models to defeat security-focused artificial intelligen­ce.

Dmitri Alperovitc­h, cofounder and chief technology officer at CrowdStrik­e, said that even if a particular system offers 99 percent protection, “it’s just a math problem of how many times you have to deviate your attack to get that 1 percent.”

Still, security companies employing machine learning have claimed success in blocking most malware, not just ransomware. SentinelOn­e even offers a $1 million guarantee against ransomware; it hasn’t had to pay it yet.

?? VADIM GHIRDA/AP ?? A screenshot in Romania shows the message displayed on computers affected by the latest attack of ransomware, which locks up files and demands money to release them.
VADIM GHIRDA/AP A screenshot in Romania shows the message displayed on computers affected by the latest attack of ransomware, which locks up files and demands money to release them.

Newspapers in English

Newspapers from United States