In my discussions with big data and machine learning experts, all boasted about how machine learning helps detect anomalies, transaction fraud, and malware, and all described ways that AI makes the enterprise environment safer. Fewer commentators are talking about the ways that bad actors are using the same machine learning capabilities to beat security and create a new breed of attacks.

IBM is now talking about it. IBM Researchers have created a tool called DeepLocker that explores the potential of machine learning in writing malware.

“DeepLocker has changed the game of malware evasion by taking a fundamentally different approach from any other current evasive and targeted malware. DeepLocker hides its malicious payload in benign carrier applications, such as a video conference software, to avoid detection by most antivirus and malware scanners,” said Marc Ph. Stoecklin, Principal RSM and Manager, Cognitive Cybersecurity Intelligence at IBM.

“What is unique about DeepLocker is that the use of AI makes the “trigger conditions” to unlock the attack almost impossible to reverse engineer. The malicious payload will only be unlocked if the intended target is reached. It achieves this by using a deep neural network (DNN) AI model,” he added.

Researchers trained the AI model to behave normally and wait for perfect conditions that identify specific victims. It can use multiple ways to identify its target, including visual, audio, geolocation, and system-level features.

That’s a nightmare scenario for security experts. “As it is virtually impossible to exhaustively enumerate all possible trigger conditions for the AI model, this method would make it extremely challenging for malware analysts to reverse engineer the neural network and recover the mission-critical secrets, including the attack payload and the specifics of the target,” said Stoecklin.

Once the target is identified, DeepLocker can convert the concealed trigger condition itself into a “password” or “key” that is required to unlock the attack payload.

The whole point of DeepLocker is to change the perception of the security community to face a new breed of AI powered malware. “We can’t, as an industry, simply wait until the attacks are found in the wild to start preparing our defenses. To borrow an analogy from the medical field, we need to examine the virus to create the vaccine,” said Stoecklin.

Source: https://securityintelligence.com/deeplocker-how-ai-can-power-a-stealthy-new-breed-of-malware/