A new tool that could automatically detect and kill cyber attacks on computers and other devices in under a second has been created by researchers at Cardiff University.
The new method uses artificial intelligence to monitor and predict the behaviour of malicious software – malware – rather than the traditional antivirus approach of analysing what a piece of malware looks like.
According to the researchers, the method has been shown to prevent up to 92% of files on a computer from being corrupted, and takes on average 0.3 seconds to wipe out a piece of malware.
The method was developed in collaboration with Airbus and takes advantage of advances in artificial intelligence and machine learning, said the researchers, who published their findings in the journal Security and Communications Networks.
Study co-author Professor Pete Burnap said: “Traditional antivirus software will look at the code structure of a piece of malware and say ‘yeah, that looks familiar’.
“But the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software.
“We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioural profile.”
During development, the method was trained by running simulations on specific pieces of malware to improve its ability to predict how malware will behave.
Matilda Rhode, lead author of the study and head of innovation and scouting at Airbus, said: “While we still have some way to go in terms of improving the accuracy of this system before it could be implemented, this is an important step towards an automated real-time detection system that would not only benefit our laptops and computers, but also our smart speakers, thermostats, cars and refrigerators as the ‘internet of things’ becomes more prevalent.”