
Google AI can detect malware in just 30 seconds

Gemini 1.5 Pro, the most advanced version of the artificial intelligence (AI) model developed by Google, can analyze and detect malicious code in about 30 seconds, as the VirusTotal team recently confirmed.

The company presented this latest generation of its model last February, announcing a new architecture that lets it carry out complex tasks more quickly, with improved performance and reasoning.


This version of its AI uses the Mixture-of-Experts (MoE) architecture, which divides the model into smaller neural networks that are activated selectively depending on the type of input.

This model can also analyze, classify and understand long contexts, since it can process up to a million tokens: for example, one hour of video, eleven hours of audio, code bases of more than 30,000 lines, or more than 700,000 words.

The VirusTotal team, which belongs to Google, has recently verified this AI model's ability to identify malicious code and to recognize zero-day threats.

First, the team stressed in a statement that the “explosive” growth of these types of attacks “continues to challenge traditional manual analysis methods, underscoring the urgent need for better automation and innovative approaches.”

In this context, Gemini 1.5 Pro has been designed to help analysts “manage the asymmetric volume of threats more effectively and efficiently”, which is why it can function as “a powerful assistant” and be used to detect malicious code.

Until now, traditional techniques for automated malware analysis have been divided into two types: static analysis, which examines the code without executing it, and dynamic analysis, which runs it in a controlled environment to monitor its behavior.
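To make the static side of that split concrete, here is a small static triage routine. It is an added example, not code from the article, from Google or from VirusTotal: it never executes the sample, and instead reports hashes, Shannon entropy (high entropy is a common hint of packing or encryption), printable strings, and a few indicator patterns an analyst would want flagged before deciding what to send for deeper review. The byte buffer, the indicator patterns and the `example.invalid` URL are all constructed for illustration.

```python
"""Static triage of a binary blob: inspect, never execute (added example)."""
import hashlib
import math
import re

# Constructed sample: a fake MZ header, zero padding, a few embedded strings
# of the kind a ransomware sample might carry, and a pseudo-random tail.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"CreateFileW\x00WriteFile\x00CryptEncrypt\x00"
    + b"http://example.invalid/payment\x00"
    + b"Your files have been encrypted\x00"
    + bytes((i * 73 + 41) % 256 for i in range(512))
)

# Indicator patterns are illustrative, not a real detection ruleset.
SUSPICIOUS_PATTERNS = {
    "crypto_api": re.compile(rb"Crypt(Encrypt|GenKey|ImportKey)"),
    "url": re.compile(rb"https?://[\w./-]+"),
    "ransom_note": re.compile(rb"files have been encrypted", re.I),
}


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extract_strings(data, min_len=6):
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def static_triage(data):
    """Return a dict of static observations; nothing here runs the sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": data[:2] == b"MZ",  # magic-byte check only, not a full PE parse
        "entropy": round(shannon_entropy(data), 2),
        "strings": extract_strings(data),
        "indicators": sorted(
            name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(data)
        ),
    }


if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The pseudo-random tail is built so that every byte value appears exactly twice, which gives it an entropy of exactly 8.0 bits per byte; comparing that against the whole file's entropy shows why analysts look at entropy per section rather than per file.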


Google has also pointed out that, alongside these methods, AI and machine learning have been used “increasingly” to classify and group malware based on behavioral patterns and anomalies.

This is what it set out to demonstrate with Code Insight, presented at the RSA Conference 2023 cybersecurity fair: a platform that analyzes code fragments and generates natural-language reports, emulating the approach of a malware analyst.

To complement Code Insight, which has a limited token input capacity, the VirusTotal team has worked with Gemini 1.5 Pro, which supports up to a million tokens and can analyze some decompiled executables “in a single pass”, eliminating the need to split the code into smaller fragments.
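The following added example (not code from the article, Google or VirusTotal) shows the splitting problem the paragraph refers to. It takes a constructed stand-in for decompiler output, packs whole functions into chunks that fit a token budget, and records which functions had to be cut mid-body because they exceed the budget on their own; a large enough budget yields a single chunk, the single-pass case. The roughly four-characters-per-token estimate is an assumption, not a real tokenizer.

```python
"""Chunking decompiled code under a token budget (added example)."""
import re

# Constructed stand-in for decompiler output: three top-level C functions
# separated by blank lines, as decompilers usually print them.
DECOMPILED = """\
int parse_config(void) {
    /* reads embedded settings */
    return 0;
}

int process_directory(const char *root) {
    walk_directory(root);
    for (int i = 0; i < n_files; i++) {
        process_one(files[i]);
    }
    return 1;
}

int main(void) {
    if (parse_config()) return 0;
    return process_directory("C:\\\\");
}
"""


def estimate_tokens(text):
    """Assumption: about four characters per token (not a real tokenizer)."""
    return max(1, len(text) // 4)


def split_functions(src):
    """Split C-like text at the blank lines between top-level functions."""
    return [f for f in re.split(r"\n\s*\n", src.strip()) if f.strip()]


def chunk_by_budget(src, budget):
    """Pack whole functions into chunks of at most `budget` estimated tokens.

    Returns (chunks, cut_functions). A function that does not fit on its own
    is split line by line, so the model sees it without its full context;
    that is the situation that produces vague, non-specific analysis.
    """
    chunks, current, cut_functions = [], "", []
    for fn in split_functions(src):
        if estimate_tokens(fn) > budget:
            if current:  # flush whatever was packed before the oversized function
                chunks.append(current)
                current = ""
            cut_functions.append(fn.split("(")[0].split()[-1])  # function name
            piece = ""
            for line in fn.splitlines(keepends=True):
                if piece and estimate_tokens(piece + line) > budget:
                    chunks.append(piece)
                    piece = ""
                piece += line
            if piece:
                chunks.append(piece)
        elif current and estimate_tokens(current + "\n\n" + fn) > budget:
            chunks.append(current)
            current = fn
        else:
            current = fn if not current else current + "\n\n" + fn
    if current:
        chunks.append(current)
    return chunks, cut_functions


if __name__ == "__main__":
    for budget in (30, 1000):
        chunks, cut = chunk_by_budget(DECOMPILED, budget)
        print(f"budget={budget}: {len(chunks)} pass(es), cut functions: {cut}")
```

With a budget of 30 estimated tokens the loop-bearing function is cut in two and the analysis would need four passes; with a budget of 1000 the whole program is one chunk.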

This model can also interpret the intent and purpose of the code rather than just identify patterns, thanks to its training on a code data set that covers the languages of different architectures.

In this way, Gemini can emulate the reasoning and judgment of a malware analyst, predict the malware's actions and provide information about threats, including those that have not been seen before (zero-day).

Finally, Google has said that the latest iteration of its AI model can generate summary reports in human-readable language, making the analysis process “more accessible and efficient.”

To test the effectiveness of Gemini 1.5 Pro in detecting malicious code, VirusTotal used it to analyze decompiled code from a representative malware sample: two binary files of the WannaCry ransomware, of 268 KB and 231 KB, amounting to more than 280,000 tokens.

Although in its tests with other similar generative AI tools the team had to divide the code into fragments for study, which produced “vague and non-specific results”, with Gemini 1.5 Pro it saw no such need: the model processed all the disassembled or decompiled code in a single pass and delivered a report with the results in just 34 seconds.


Decompilation reconstructs source code from a binary, which is more readable and concise than disassembly, the process that converts binary code into a low-level representation of the processor architecture.

According to Google, this initial analysis was “remarkably accurate” and showed the model's ability to handle large and complex data sets transparently and effectively. The statement also clarified that the analysis did not rely on previously trained knowledge of WannaCry, meaning that it arose from Gemini's ability to independently interpret unknown malicious code.

Researchers have also noted that Gemini 1.5 Pro demonstrates the same capability with both high-level languages and the assembly of various architectures, meaning that the analysis of potentially malicious files can be tailored to the specific circumstances of each case.

TESTING WITH ZERO-DAY THREATS

The team of researchers has also tested the ability of Gemini 1.5 Pro to identify zero-day threats that are not detected by traditional methods, such as antivirus or the VirusTotal ‘sandbox’.

According to their findings, Google’s model was able to process an 833 KB file decompiled into 189,080 tokens in just 27 seconds, producing a complete malware analysis report in a single pass.

In addition to identifying malicious patterns, Gemini 1.5 Pro deciphered the main objective of this malware: stealing cryptocurrency by hijacking Bitcoin transactions, while evading detection by disabling security software.

Finally, Google has acknowledged that while the model “unlocks impressive capabilities” by being able to analyze large volumes of decompiled and disassembled code, there are still challenges to address “to achieve truly robust and reliable automated malware analysis.” Among them, attack techniques are constantly evolving, so developers must “learn and recognize new threats.”

Source: Elcomercio
