‘Application of artificial intelligence (AI)’ has emerged as the hot topic for the cyber security industry, as it is seen as a way to counter malware and cyber-attacks that are increasing geometrically. Global companies such as IBM, Symantec, Trend Micro, and Kaspersky Lab are planning to apply Machine Learning to their security solutions. South Korea’s security companies are busy developing Machine Learning-based antivirus (‘vaccine’) products, while security control companies have developed their own Machine Learning engines and applied them to their products.
AhnLab (CEO Kwon Chi-joong) has developed a Machine Learning system through 2 years of its own research and is currently operating it. The system uses rules that are generated by machine and has humans add their intelligence and knowledge to the parts that machines cannot handle. AhnLab’s Machine Learning system has learned from 1.34 billion files without any sampling and is improving continuously.
AhnLab has applied its Machine Learning engine to ‘AhnLab MDS Agent’, an intelligent solution that responds to threats. MDS Agent looks for files on PCs that are suspected of being malware and sends them to analysis servers. To strengthen MDS Agent’s ability to gather suspicious files, AhnLab has been pursuing projects that apply its Machine Learning system. Instead of behavior information, which is complicated and hard to collect, AhnLab’s Machine Learning system collects basic information about a file, such as file size, header information, particular locations, and byte values. It extracts 155 items of static information from a single file.
SAINT SECURITY (CEO Kim Ki-hong) has developed ‘MAX’, a next-generation antivirus based on AI. Global PC security markets are moving to the next generation (NEDR). The technique has changed from scanning PCs against a collected database (DB) of malware samples to automatically blocking threats that are not well known to the public.
SAINT SECURITY has developed an ‘AI evaluation score algorithm (AI Score)’ that detects malware. AI Score is calculated by adding together a file’s profiling information and its static and behavior analytics, which are based on Big Data. SAINT SECURITY’s Machine Learning system learns from metadata of files that are introduced to PCs, such as file name, behavior information, character strings, PE information, and API call information.

<Outline of AhnLab’s Machine Learning system (Reference: AhnLab’s homepage)>

“MAX received a perfect score by finding malware that is not well known in tests by SE Lab,” said CEO Kim Ki-hong. “MAX learns data from ‘Malwares.com’, which is a Cloud-based platform that automatically analyzes malware and where more than 1 million pieces of malware are collected per day.”
Application of AI to security control systems is also taking place.
SK Infosec (CEO Ahn Hee-cheol) has started developing AI engines with a research team led by Professor Yoon Sung-ro and Professor Baek Yoon-heung of Seoul National University. SK Infosec’s ‘Secudium’ is a Big Data engine that quickly analyzes security events. Security control distinguishes threats based on rules that are defined in advance for cyber-attacks. The AI engine automatically handles the sequence of processes that make up security control.
“We are planning to have AI engines automatically detect, analyze, and respond to threats by learning effective data from the Secudium engine on their own,” said Director Kim Yong-hoon of SK Infosec R&D Center. “SK Infosec and Seoul National University are going to apply an AI engine that can distinguish threats that are not detected by rules to actual businesses by the end of this year.”
IGLOO SECURITY (CEO Lee Deuk-choon) is working on automating a process that focuses on analyzing suspicious events from ‘Spider TM’, an analytical platform that intuitively recognizes threat information. This year it is going to apply a Machine Learning algorithm that picks out normal events from suspicious events.
Staff Reporter Kim, Insoon | insoon@etnews.com