The future of antivirus protection is exciting. Much like our cars, trains, and boats, the future of antivirus runs on artificial intelligence. AI technology is one of the fastest growing sectors around the world and security researchers are continually evaluating and integrating the technology into their consumer products.
Consumer antivirus products with AI or machine learning elements are appearing thick and fast. Does your next antivirus subscription need to include AI, or is it just another security buzzword? Let’s take a look.
Traditional Antivirus vs. AI Antivirus
The term “artificial intelligence” once conjured fantastical images of futuristic technology, but AI is now a reality. To understand what AI antivirus is, you need to understand how traditional antivirus works.
A traditional antivirus uses file and data signatures, and pattern analysis to compare potential malicious activity to previous instances. That is, the antivirus knows what the malicious file looks like, and can move swiftly to stop those files from infecting your system, should you pick one up. That’s a very basic explanation. You can read more about how it works and what scans to use right here.
The antivirus on your system works well, don’t get me wrong. However, the number of malware attacks continues to rise, and security researchers regularly discover extremely advanced malware variants, such as Mylobot. Furthermore, some traditional or legacy antivirus solutions cannot compete with advanced threats such as the devastating WannaCry ransomworm, or the Petya ransomware that encrypts your Master Boot Record.
As the threat landscape shifts, so must the antivirus detection mechanisms.
AI antivirus (or in some cases, machine learning—more on this distinction in a moment) works differently. There are a few different approaches, but AI antivirus learns about specific threats within its network environment and executes defensive activities without prompt.
AI and machine learning antivirus leverage sophisticated mathematical algorithms combined with the data from other deployments to understand what the baseline of security is for a given system. As well as this, they learn how to react to files that step outside that window of normal functionality.
Machine Learning vs. Artificial Intelligence
Another important distinction in the future of antivirus is between machine learning algorithms and artificial intelligence. The two words are sometimes used interchangeably but are not the same thing.
- Artificial Intelligence (AI): AI refers to programs and machines that execute tasks with the characteristics of human intelligence, including problem-solving, forward planning, and learning. Broadly speaking, machines that can carry out human tasks in a manner we consider “intelligent.”
- Machine Learning (ML): ML refers to a broad spectrum of the current applications of AI technologies focusing on the idea that machines with data access and the correct programming can learn for themselves. Broadly speaking, machine learning is a means to an end for achieving AI.
Machine learning and AI are deeply intertwined, and you can see how the terms see occasional misuse. The difference in meaning with regards to antivirus is an important distinction. Most (if not all) of the latest antivirus suites implement some form of machine learning, but some algorithms are more advanced than others.
Machine learning in antivirus technologies isn’t new. It is getting more intelligent, and is easier to use as a marketing tool now that the wider public is more aware of ML and AI.
How Security Companies Use AI in Antivirus
There are a few antivirus solutions that use advanced algorithms to protect your system, but the use of true AI is still rare. Still, there are several antivirus tools with excellent AI and ML implementations that show how the security industry is evolving to protect you from the latest threats.
Cylance is a well-known name in machine learning and artificial intelligence cybersecurity. The enterprise-grade CylancePROTECT uses AI-techniques to protect a huge number of businesses, and they count several Fortune 100 organizations among their clientele. Cylance Smart Antivirus is their first foray into consumer antivirus products, bringing that enterprise-level AI protection into your home.
Cylance Smart Antivirus relies entirely on AI and ML to distinguish malware from legitimate data. The result is an antivirus that doesn’t bog your system down by constantly scanning and analyzing files. (Or informing you of its status every 15-minutes.) Rather, Cylance Smart Antivirus waits until the moment of execution and immediately kills the threat—without human intervention.
“Consumers deserve security software that is fast, easy to use, and effective,” said Christopher Bray, senior vice president, Cylance Consumer. “The consumer antivirus market is long overdue for a ground-breaking solution built on robust technology that allows them to control their security environment.”
Thanks for the shout out @sawaba I can vouch that the primary reason we launched Cylance Smart Antivirus is because our customers have told us they’ve grown frustrated with everything on the market now.
— Hiep Dang (@Hiep_Dang) June 19, 2018
Smart Antivirus does, however, have some downsides. Unlike other antivirus suites with active monitoring, Cylance Smart Antivirus allows you to visit potentially malicious sites. I assume this is confidence that the product will stop malicious downloads, but it doesn’t protect against phishing attacks or similar threats.
A single Cylance Smart Antivirus license costs $29 per year, while a $69 household pack lets you install on five different systems.
Deep Instinct uses deep learning (a machine learning technique) to detect “any file before it is accessed or executed” on your system. The Deep Instinct D-Client makes use of static file analysis in conjunction with a threat prediction model that allows it to eliminate malware and other system threats autonomously.
Deep Instinct’s D-Client uses vast quantities of raw data to continue improving its detection algorithms. Deep Instinct is one of the only companies with private deep learning infrastructure dedicated to improving their detection accuracy, too.
For most people, Avast is a familiar name in security. Avast Free Antivirus is the most popular antivirus on the market, and its history of protections goes back decades. Avast Free Antivirus has been “using AI and machine learning for years” to protect users from evolving threats. In 2012, the Avast Research Lab announced three powerful backend tools for their products.
- The “Malware Similarity Search” allows almost instantaneous categorization of huge samples of incoming malware. Avast Free Antivirus quickly analyzes similarities between existing malware files using both static and dynamic analysis.
- “Evo-Gen” is similar “but a bit subtler in nature.” Evo-Gen is a genetic algorithm that works to find short and generic descriptions of malware in massive datasets.
- “MDE” is a database that works on top of the indexed data, allowing heavy parallel access.
These three machine learning technologies collectively evolved as the foundation for Avast’s CyberCapture.
CyberCapture is a core feature of the Avast security suite, specifically targeting unknown malware and zero-days. When an unknown suspicious file enters a system, CyberCapture activates and immediately isolates the host system. The suspect file automatically uploads to an Avast cloud server for data analysis. Afterwards, the user receives a positive or negative notification regarding the status of the file. All the while, your data is feeding back into the algorithms to define further and enhance yours and others’ system security.
4. Windows Defender Security Center
The Windows Defender Security Center for enterprise and business solutions will receive a phenomenal boost as Microsoft turns to artificial intelligence to bulk out its security. The 2017 WannaCry ransomworm ripped through Windows systems after hackers released a CIA trove of zero-day vulnerabilities into the wild.
Microsoft is creating a 400 million computer-strong machine learning network to build its next generation of security tools. The new AI-backed security features will start with its enterprise customers, but eventually filter down to Windows 10 systems for regular consumers. Windows Defender is constantly improving in other ways, too, and is now one of the top enterprise and consumer security solutions. The below image illustrates a snapshot of how Windows Defender machine learning protections works.
Want a prime example of how machine learning antivirus springs into action? Randy Treit, a senior security researcher for Windows Defender Research, writes up the Bad Rabbit ransomware detection example. It’s worth a read (it’s short!).
Antivirus: More Advanced Than You Realized
Is your antivirus suite more advanced than you realized? Machine learning and artificial intelligence are undoubtedly making larger inroads with security products. But their current prominence is more buzzword than effective deployment.
Try not to worry too much about whether your antivirus has AI or is implementing machine learning techniques. In the meantime, here’s a comparison of the best free antivirus products for you to check out. AI or not, it is important to protect your system at all times.
And for more on AI, check out our introduction to Google’s TensorFlow and a comparison of deep learning, machine learning, and AI.
Image Credit: Wavebreakmedia/Depositphotos