A new method that could automatically detect and kill cyberattacks on our laptops, computers and smart devices in under a second has been created by researchers at Cardiff University.
Using artificial intelligence in a completely novel way, the method has been shown to successfully prevent up to 92 per cent of files on a computer from being corrupted, taking just 0.3 seconds on average to wipe out a piece of malware.
Publishing their findings in the journal Security and Communications Networks, the team say this is the first demonstration of a method that can both detect and kill malicious software in real time, which could transform approaches to modern cybersecurity and avoid instances such as the recent WannaCry cyberattack that hit the NHS in 2017.
Using advances in artificial intelligence and machine learning, the new approach, developed in collaboration with Airbus, is based on monitoring and predicting the behaviour of malware as opposed to more traditional antivirus approaches that analyse what a piece of malware looks like.
“Traditional antivirus software will look at the code structure of a piece of malware and say ‘yeah, that looks familiar’,” co-author of the study Professor Pete Burnap explains.
“But the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioural profile.”
By training computers to run simulations on specific pieces of malware, it is possible to predict, in less than a second, how the malware will behave further down the line.
Once a piece of software is flagged as malicious, the next stage is to wipe it out, which is where the new research comes into play.
“Once a threat is detected, due to the fast-acting nature of some destructive malware, it is vital to have automated actions to support these detections,” continued Professor Burnap.