I’m not knowledgeable at all about how current AV works, but from what I can gather, the majority of AV vendor detection methods do not flag programs based on general behavior. Rather, they rely on signatures and heuristics.
AI/ML-based techniques flag based on how the malware behaves, so simple changes in the codebase will have little to no power on detection rates.
I wonder now: how will the malware authors of the future adapt to this?
So will look at the signature of polymorphic code: the code base changes but the algorithm keeps the same pattern. Now, with neural-network-type AI, this proves to be a challenge, since it understands that all it has to do is change signature, algorithm. You now have a scenario where you have to combat the situation with AI as well, but the sole purpose of your AI is to track/monitor what the bad AI is doing and look for a pattern in its behavior.