Take a trail: in Russia, a neural network has been trained to search for malware

Russian scientists have taught a neural network to find malicious keylogger programs that steal passwords. According to experts from the St. Petersburg Federal Research Center of the Russian Academy of Sciences, the technology will strengthen protection against intruders. Details can be found in the Izvestia article.
How a neural network in Russia was trained to search for malware
The press service of the research center reported on April 9 that scientists from St. Petersburg taught the neural network to find malware.
"Researchers at the St. Petersburg Institute of Physics and Technology of the Russian Academy of Sciences have proposed an approach that allows using neural networks to detect keyloggers, programs that record the sequence of keystrokes of a keyboard or mouse," the report says. "The proposed algorithms can be integrated into network security systems to protect against intruders who are capable of using keyloggers, for example, to gain access to user accounts."
As Dmitry Levshun, senior researcher at the St. Petersburg Laboratory of Computer Security Problems at the Russian Academy of Sciences, explained, scientists have developed an approach that looks for traces of keyloggers in network traffic — in other words, it is aimed at the process of spyware interacting with remote servers. This solution is based on several artificial intelligence (AI) methods that can monitor the traffic of a user or organization and signal if suspicious network activity similar to the work of keyloggers is detected somewhere.
How else are neural networks used in the fight against viruses?
Today, neural networks are actively used in information security software systems, says Ksenia Akhrameeva, Candidate of Technical Sciences, head of the cybersecurity laboratory at the Gazinformservice Cybersecurity Analytical Center, in an interview with Izvestia.
— In particular, technologies that have machine learning, behavioral analytics and automation are used to identify anomalies in the behavior of users and devices that may indicate potential security threats, — says the expert.
Modern neural network technologies are integrated into antivirus protection systems in four key areas, adds Ilya Pavlyuk, head of the Information Technology engineering group at the Digital Economy League. First, static analysis allows you to identify malicious patterns directly in the file code (for example, in Windows PE files).
Secondly, behavioral analysis monitors the activity of processes in real time and captures suspicious actions, from API calls to attempts to integrate into other processes. The third area is related to traffic analysis: algorithms help detect anomalies in network behavior (DDoS attacks, botnet activity, or hidden C2 traffic). The fourth aspect covers countering phishing and fraud through the recognition of fake websites, spam, and social engineering using NLP models.
"The leaders in the implementation of these technologies are DeepInstinct, Cylance (part of BlackBerry) and Darktrace, whose products demonstrate the effectiveness of AI solutions in the field of cybersecurity," notes Ilya Pavlyuk.
What are the pros and cons of neural networks in the fight against malware?
Neural network modules have already become widely used in companies' information security products, as they make it possible to improve the quality and functionality of antiviruses, says Alexander Samsonov, a leading expert in the development and testing department of the Security Code company, in an interview with Izvestia. Their main advantage is that they can work where there are no precise criteria for evaluating the legitimacy of certain files and actions.
— In other words, the evaluation criteria are probabilistic, — explains the specialist. — Using classical signature methods, it can be much more difficult or even impossible to detect malicious activity in this way.
The advantage of using neural networks as antiviruses is that they are able to identify threats and vulnerabilities where standard approaches do not work, Maxim Buzinov, head of the R&D Laboratory at the Solar Group Cybersecurity Technology Center, adds. For example, they can detect complex and hidden patterns in data that simple algorithms cannot handle, which makes it possible to effectively detect malware behavior at different levels of its activity.
At the same time, speaking about the disadvantages of neural networks as a tool against cyber threats, Samsonov notes the high cost, the complexity of creation and training, the high probability of errors of the first and second kind (false positives and false negatives), as well as the increased load on the equipment.
"Neural networks can also be subject to a data poisoning attack during the training process, when changes are made to the input datasets so that the neural network begins to react incorrectly to the input data already in the process," says the specialist.
Therefore, it is not always worthwhile to use highly resource-demanding machine learning algorithms where traditional methods of information protection work effectively, Maxim Buzinov emphasizes.
What is the future of neural networks in terms of combating viruses?
The prospects of neural networks in antivirus systems depend on progress in the development of comprehensive cybersecurity methods, Ilya Pavlyuk believes. One of the key areas will be the development of hybrid systems that combine AI with more traditional methods such as signature and behavioral analysis. It can be expected that in the future this will increase the accuracy of threat detection and offset the weaknesses of individual technologies.
— Significant potential is hidden in cloud sandboxes, where AI models can analyze suspicious files in an isolated environment without risks to the infrastructure, — says the interlocutor of Izvestia. — Predictive models will make it possible to predict attacks more effectively by analyzing data on cyber threats.
According to Ilya Pavlyuk, in the future neural networks will be able to automatically respond to attacks, that is, not only detect, but also block them in real time (as in EDR/XDR systems). At the same time, the main trend will be the integration of neural networks into ESM platforms (Extended Detection and Response) for comprehensive enterprise protection.
At the same time, despite the projected growth, neural networks will not replace antiviruses, the expert believes. Rather, AI-based solutions will be their key complement, especially against complex and unknown threats. The development by Russian scientists is an important step, but its practical effectiveness will depend on testing in real conditions.
"It is important to understand that the cyber threat landscape is voluminous, dynamic, and not limited to malware," concludes Dmitry Galov, head of Kaspersky GReAT in Russia. "Therefore, for effective protection, users are recommended to use comprehensive security solutions that will help reduce cyber risks, including those related to scams, phishing, phone fraud and other cyber threats."
Translated by the Yandex Translate service