One of the greatest challenges in the fight against malware is that the enemy keeps changing tactics. Malware developers, like antivirus (AV) vendors, constantly update their methods, the code they use, filenames, command and control (C&C) locations, and more, all in an effort to remain undetected. Traditional AV, and even next-generation AV, relies on historical signature and behavior data generated back in the AV vendor's lab, where it can take hours to develop a signature and push it out to every client. But with new malware springing up all the time, a four-hour turnaround is a lifetime.
Thinking back just a few months, the WannaCry ransomware hit over 200,000 machines worldwide in a matter of days. While that seems rather small given the number of machines in the world, it still makes the point that in today's climate of malware protection, we no longer have hours to respond.
What's coming next is data gathering at the front lines using machine learning and millions of sample endpoints. The concept of obtaining information from large numbers of sources has become especially viable with the modern internet. We've seen crowdsourcing, crowdfunding, and even crowdsolving. In recent years the concept has spread to things like autonomous driving, where companies like Tesla® leverage the data from all of their cars. In fact, last year Tesla's fleet had logged 780 million miles of driving data and was adding a million miles every 10 hours.
So, there's something really valuable about utilizing the data found across millions of sample endpoints in real time. And no greater opportunity exists than that of leveraging the experiences of millions of endpoints to build a "smart" antivirus. As each endpoint interacts with malware, the specific actions, behaviors, methods of injection, code used, and more can all be documented and aggregated to develop a signature to be deployed to every other endpoint in the world. A signature built from what the malware does, rather than from a file hash or filename, keeps matching even after the attacker repacks the code or renames the file, which is exactly the kind of change that defeats a lab-generated signature.
Microsoft® just announced that it plans to leverage 400 million endpoints as part of its development of smart AV, along with data from Azure® and its Endpoint Protection product.
Using artificial intelligence and machine learning, the process of identifying malware behaviors and then detecting the same malware on other endpoints can be completely automated. And, unlike a human analyst, whose throughput is fixed, a machine learning pipeline keeps improving its identification, definition, and detection of malware as more telemetry arrives, at a far faster pace and with greater accuracy, provided the behaviors it learns from are accurately labeled.
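The aggregation the two paragraphs above describe can be sketched in a few dozen lines. The following is an added example, not code from the original post or from any vendor named on this page: a handful of endpoints report the behaviors they observed for a process together with a sandbox or analyst verdict, a central aggregator keeps only the behaviors shared by enough confirmed-bad reports and turns them into a rule, and that rule is then checked on a new endpoint against a repacked copy of the same sample. The `Report`/`Signature` schema, the behavior labels, the file hashes and filenames, and the prevalence thresholds are all constructed for illustration and loosely modeled on ransomware; they are not real telemetry.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    """What one endpoint sensor saw for one process (constructed schema)."""
    endpoint_id: str
    sha256: str                # hash of the executable as seen on that endpoint
    filename: str
    behaviours: frozenset      # behaviour labels emitted by the endpoint sensor
    confirmed_malicious: bool  # verdict attached later by a sandbox or analyst


@dataclass(frozen=True)
class Signature:
    name: str
    required: frozenset        # every one of these behaviours must be observed
    reports_used: int          # how many endpoint reports backed the rule


def derive_signature(reports, name, min_reports=3, min_support=1.0):
    """Aggregate confirmed-bad reports into a behaviour-based rule.

    Returns None until at least `min_reports` endpoints have reported, so a
    single noisy sensor cannot push a rule to the whole fleet. A behaviour is
    kept only if it appears in at least `min_support` of the confirmed reports,
    so an incidental action seen on one machine does not end up in the rule.
    """
    bad = [r for r in reports if r.confirmed_malicious]
    if len(bad) < min_reports:
        return None
    counts = Counter(b for r in bad for b in r.behaviours)
    required = frozenset(b for b, n in counts.items() if n / len(bad) >= min_support)
    return Signature(name, required, len(bad)) if required else None


def hash_match(reports, sha256):
    """The traditional check: is this exact file already known to be bad?"""
    return any(r.confirmed_malicious and r.sha256 == sha256 for r in reports)


def behaviour_match(sig, observed):
    """The crowd-derived check: does the process show every required behaviour?"""
    return sig is not None and sig.required <= frozenset(observed)


# Constructed behaviour set shared by the three infected endpoints below.
CORE = frozenset({
    "scans_smb_445",
    "deletes_shadow_copies",
    "writes_many_renamed_files",
    "spawns_cmd_hidden",
})

# Constructed telemetry: the same sample on three endpoints (one of which also
# saw an incidental behaviour) plus a benign backup tool that happens to share
# one behaviour with the malware.
INITIAL_REPORTS = [
    Report("ep-01", "a1" * 32, "update.exe", CORE, True),
    Report("ep-02", "a1" * 32, "update.exe", CORE | {"creates_run_key"}, True),
    Report("ep-03", "a1" * 32, "update.exe", CORE, True),
    Report("ep-04", "b2" * 32, "backup.exe", frozenset({"writes_many_renamed_files"}), False),
]


def demo():
    """Derive the rule, then test it against a repacked variant and a benign tool."""
    sig = derive_signature(INITIAL_REPORTS, "ransomware-crowd-v1")
    # The attacker repacks and renames the sample before hitting a fourth
    # endpoint: new hash, new filename, new C&C domain, same core behaviour.
    repacked_hash = "c3" * 32
    repacked_behaviours = CORE | {"contacts_new_c2_domain"}
    return {
        "signature_required": set(sig.required) if sig else None,
        "hash_catches_repack": hash_match(INITIAL_REPORTS, repacked_hash),
        "behaviour_catches_repack": behaviour_match(sig, repacked_behaviours),
        "benign_backup_tool_flagged": behaviour_match(sig, {"writes_many_renamed_files"}),
        "rule_from_single_report": derive_signature(INITIAL_REPORTS[:1], "too-early"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two design choices carry the point of the post. The `min_reports` guard means the aggregator acts only once several endpoints agree, which is what makes the "millions of endpoints" idea safer than trusting any one sensor; and `min_support` drops the `creates_run_key` behaviour that only one endpoint saw, so the resulting rule describes what the malware reliably does rather than what one infected machine happened to look like. The repacked variant is missed by the hash check and caught by the behaviour check, while the backup tool, which shares a single behaviour, is not flagged.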
Nick Cavalancia has over 20 years of enterprise IT experience and is an accomplished executive, consultant, trainer, speaker, and columnist. He has authored, co-authored and contributed to over a dozen books on Windows®, Active Directory®, Exchange™ and other Microsoft technologies. Nick has also held executive positions at ScriptLogic®, SpectorSoft® and Netwrix® and now focuses on the evangelism of technology solutions.
Follow Nick on Twitter® at @nickcavalancia
© 2017 SolarWinds MSP UK Ltd. All rights reserved.