Thus, a custom-built application could have some form of artificial intelligence.
In our case, this application will be the NeuroWorm.
NeuroWorm is malicious software that utilizes artificial intelligence (AI).
If you think that this is some science fiction case and is not possible, I will tell
you about the idea (already published) of developing an AI program that can
improve itself. This is achieved through Darwinian theory: only the best
survives. The idea was: two confronting programs fight each other; each finds the
weaknesses in the enemy and attacks them, and finds weaknesses in itself and
improves its own body.
One possible implementation of AI in malware could be developing the
ability for dynamic self-defense.
Here is the concept and a very simple action script:
The malware launches a number of "sensors" to monitor and collect information from
the environment where it resides. A "sensor" could be:
- Network sniffer.
- File, registry, process, API and other system monitors.
- Black IDS, antivirus, honeypot or honeytoken.
One day, the system administrator of the affected organization discovers the
malware and writes a script to kill it or runs some disinfection software (the
known security tools should be stopped by the Black Antivirus, as described in the
previous sections).
Then he launches that script to clean the infected computers. On the other side,
NeuroWorm "sees" that its nodes are being killed, then it launches (if not already
running) the AI to analyze the data collected from its sensors. In the next step, the
NeuroWorm recognizes the "killing pattern", which can be:
- Network communications of some programs or blocking the malware’s
  communications.
- API calls.
- File names (or their hash).
- Alternatively, any other pattern that can “describe” the process of killing
  the malware.
Then the NeuroWorm finds the solution (with the help of AI) to protect itself, for
example:
- Generate file signatures and import them to Black Antivirus.
- Generate IDS/IPS rules and import them to Black IDS/IPS.
- Block some API calls.
The malware survived before it was neutralized.
I did not say that implementing and running malware with artificial intelligence is
a simple task, not at all. What I want to point out is that: