![]() It also whitelists certain families of executable files to avoid triggering false positives on legitimate software. The Cylance engine keeps a scoring mechanism ranging from -1000 for the most malicious files, and +1000 for the most benign of files. The trick works even if the Cylance engine previously concluded the same file was malicious before the benign strings were appended to it. The researchers took advantage of this and appended strings from a non-malicious file to a malicious one, tricking the system into thinking the malicious file is safe and avoiding detection. How did the researchers trick Cylance into thinking bad is good?Ĭylance’s machine-learning algorithm has been trained to favor a benign file, causing it to ignore malicious code if it sees strings from the benign file attached to a malicious file. Essentially meaning if you could truly understand how a certain model works, and the type of features it uses to reach a decision, you would have the potential to fool it consistently. The researchers Adi Ashkenazy and Shahar Zini from Skylight Cyber say they can reverse the model of any AI-based EPP (Endpoint Protection Platform) product, and find a bias enabling a universal bypass. The bypass is not just limited to Cylance, researchers chose it as it is a leading vendor in the field and is publicly available. This discovery means companies working in the field of artificial intelligence-driven cybersecurity need to rethink their approach to creating new products. ![]() They identified a peculiar bias of the antivirus product towards a specific game engine and bypassed it to trick the product into accepting malicious malware files. Researchers from Skylight Cyber, an Australian cybersecurity enterprise, have tricked Blackberry Cylance’s AI-based antivirus product.
0 Comments
Leave a Reply. |