A technique developed by researchers at the U.K.'s Cardiff University can be used to automatically detect and thwart cyberattacks against computers, laptops and smart devices in under just one second.

In collaboration with aerospace firm Airbus, the Cardiff team used artificial intelligence (AI) and machine learning to monitor and predict the behavior of malware. This is in contrast to traditional antivirus approaches that analyze what a segment of malware looks like and identifies it based on recognition alone.

Source: Cardiff UniversitySource: Cardiff University

However, the Cardiff team explained: “…the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioral profile."

As such, the team trained computers to perform simulations on specific segments of malware, thereby making it possible to develop quick predictions in under just one second of how the malware will behave going forward. Once identified as malicious, the new approach seeks to eliminate it.

Although current products dubbed endpoint detection and response (EDR) are designed to protect desktops, laptops and mobile devices, quickly detecting, analyzing, blocking and containing attacks in progress, such products need to send the collected data to administrators for a response to be implemented. However, by this time, according to the researchers, that malware has likely already caused damage.

During testing of the new detection method, the Cardiff team set up a virtual computing environment to represent a group of laptops, each of which ran as many as 35 applications simultaneously to simulate normal behavior.

Using thousands of samples of malware, researchers determined that the AI detection method reportedly prevented up to 92% of the files on a computer from being corrupted — taking just 0.33 seconds on average to eliminate a piece of malware.

The article, Real-Time Malware Process Detection and Automated Process Killing, appears in the journal Security and Communication Networks.

To contact the author of this article, email mdonlon@globalspec.com