Part 1. Functionality and Performance Evaluation of Antivirus For 2024

– Antivirus Against Generative AI-based Mutant Malware –

After conducting the first functionality and performance evaluation of Antivirus (AV) in January 2023, we are back with a newer evaluation in 2024. The definition and necessity of AV are already explained in the previous blog post, ‘Part 1. Performance and Functionality Evaluation of Antivirus’, in 2023. This article will outline the process for selecting AV products for evaluation and a new approach to analyzing effective functionality and performance.

Selecting Antivirus Products for Functionality and Performance Evaluation

Antivirus vendors differentiate their products based on their unique malware detection technology know-how and security philosophies, resulting in various AV products from different manufacturers competing in the market.

This study focuses on free versions of AVs (plus some paid products) for general users, excluding enterprise products. We selected 15 AVs based on their popularity in the market and previously developed test evaluation criteria, then narrowed these down to 10 AVs that can be closely compared in the newly planned functionality and performance evaluation.

Fig 1. Various antivirus vendors

AI Can Make Malware?

Generative AI is an artificial intelligence technology specialized in learning from the output of human-generated text, voice, image, and video data to generate new output. Like traditional AI learning models, generative AI can learn patterns and structures from large datasets and then use this information to generate new data similar to, but not a replica of, the training data. As such, generative AI is able to use generative algorithms to create any type of content imaginable, including images, text, audio, video, and more.

Fig 2. Different types of generative content using generative AI

Since the technology’s inception, many experts have warned that generative AI, which can take many forms, could be put to criminal use. Recent research has proven that it can also be used to create malware. Moreover, it has been reported that malware produced with generative algorithms, such as Generative Adversarial Networks (GANs) and Reinforcement Learning, can evade detection by legacy AVs. This is a very serious security issue that can render legacy security systems ineffective. Therefore, we want to find out if and to what extent legacy AVs can detect mutant malware created using generative AI. Our research team will answer this question once and for all. In addition to the previous testing (January 2023), we will analyze the functionality and performance of AVs using various malware samples and mutant malware created using generative AI.

Conclusion

In this post, we’ve outlined our process for selecting antivirus products for testing and our approach to the new features and analysis study. Our research team designed the test methodology to identify new security threats that can be exploited by generative AI, which has become a hot topic in recent years. In the next post (Part 2), we’ll present our findings after analyzing the functionality and performance of 10 AV products using our new test methodology and generative AI-powered mutant malware.

