DeepLocker: Weaponizing AI In Malware Development
In today’s world, where Internet rules almost everywhere, there have been risks for malware threats, which emerge from worms and viruses that are generated by an unknown and uninvited attacker to evade our personal information. In response to such attacks, the security industry developed efficient antivirus software that could save our PCs from unwanted attacks.
However, major threats such as the cross-site request forgery (CSRF) or the cross-site scripting (XSS) are still difficult to combat. Again, with the introduction of analytics, mobile, cloud and social media, advanced level of threats are ruling the charts. Now recent malware development is taking help of Artificial Intelligence (AI).
There has been a shift to the use of machine learning in the IT sector and cybercriminals are thinking to make the most out of AI in order to attack our devices.
What is DeepLocker?
DeepLocker is one such weapon powered by AI. It is being developed under a progressive study at the IBM Research center in the US, with an aim to build advanced defense mechanisms to stay ahead of the cybercriminals. With DeepLocker, researchers would be able to understand the current existing AI models that can be combined with the current malware techniques and empower the existing new breed of malware.
DeepLocker malware can sense and identify victim computer’s vulnerabilities. It identifies the target through facial or voice recognitions along with several other settings. Researchers indicate that DeepLocker uses “spray and pray” mechanism of a regular malware and can infect a large number of systems without even getting detected.
This malware just requires your photo, which can be easily extracted from your social media profiles such as Twitter, Google+, or LinkedIn in order to target you. Just to demonstrate its implications, the research team at IBM designed a proof of concept in which they use a video conferencing application to infect devices. The malware remained undetected by any of the tools that are used in malware analysis and include antivirus engines as well as malware sandboxes.
DeepLocker has certainly changed the scenario in the malware evasion by adopting a completely different approach from the currently existing evasive and targeted malware. It hides the malicious payload that comes along with various applications such as conference software so as to avoid the detection by a malware scanner.
As the malware makes use of Artificial intelligence, it can trigger conditions through a deep neural network AI model and can reverse the attack by unlocking the payload only when the intended target is reached. This neural network generates a key that is needed to unlock the attack. DeepLocker can leverage different attributes and identify its target which can include geolocation, audio, and several system level features.
The issue with the neural network model is that it can enumerate the possible trigger conditions and can prove to be quite challenging for the malware analyst to reverse it and recover the critical secrets that can include the attack payload and the specification of the target. When the attackers happen to infiltrate a target with malware, there are two main components that are needed to be concealed, which are the trigger conditions and attack payload.
DeepLocker can enhance the black-box nature of the DNN AI model so as to conceal the trigger condition, which is converted to a deep convolutional network that is certainly hard to decipher. Moreover, it can easily convert the trigger condition into a “key” or “password” that can unlock the attack payload.
The people at IBM research, are studying the AI-powered attacks and have been successful in identifying the new traits in comparison to the traditional attacks. As the increased evasiveness of the AI-powered attacks happens to challenge the traditional rule-based security tools, they have enabled new speeds and scale of attacks.
In return, they are trying to build defense systems that would help in detecting the potential attacks that can have a massive attack. Also, they are analyzing the manner in which the apps behave on user devices and develop technology to flag events when an app behaves in an uncertain way.