Artificial Intelligence Techniques To Power Antivirus Detection: Identify A Threat By Just Seeing It

Deep learning is expanding fast into more areas, not just the web and the services that power it. Deep learning uses neural networks that mimic the human brain, and with them people can teach computers to think and react like humans. One application is helping antivirus software identify threats.

If the technique is perfected, it would allow antivirus software to identify a particular piece of malicious software (malware) before it has been identified in the wild. This would let it recognize a threat before the threat is even pronounced.

Antivirus is software whose function is to protect a system from any kind of intrusion or invasion by malicious software. The main motive behind malware is to steal data or corrupt a system without the user's knowledge. The main techniques antivirus software uses to handle these threats include: Virus Detection, Virus Elimination, Virus Prevention, and Virus Immunity.


An antivirus works by reading a suspicious file as its "input", running detection algorithms on it as the "process", and producing as "output" a verdict on whether the file is infected or not.

While the databases of known viruses and malware grow by the day, the number of new ones being introduced is overwhelming. For this reason, AI is seen as a solution.

AI is believed to be able to improve the performance of antivirus software and its detection abilities, and its techniques play an increasingly important role in antivirus detection in the modern era. Some principal artificial intelligence techniques have already been applied in antivirus detection, while others are still proposals. They include: heuristic techniques, data mining, agent techniques, artificial immune systems, and artificial neural networks.

Antivirus software with AI can be particularly helpful when it comes to identifying malware which has been slightly modified in an attempt to evade detection by typical antiviruses.

See To Learn: Working Independently

Malware and other malicious programs have one thing in common with all other software: they have patterns. Each pattern is unique to the program's tasks and purposes. These patterns, coded by the developers, enable the program to do what it was designed to do.

While an antivirus tries to understand the different patterns, such as how malware and viruses deliver their payload and which files they infect, the time it takes to identify them consumes resources both on the system and on the human side behind the antivirus.

The role of AI here is to reduce human intervention by enabling the antivirus to identify patterns on its own, so that it knows a threat just by seeing it. Having identified a new threat, the antivirus can then add the new pattern and its characteristics to its existing database.

By using AI to help software identify threats, it can breed a new generation of security software.

AI models can be trained on vast neural networks inside data centers. But once the model is trained, the system can run on smaller machines, such as smartphones and other mobile devices that usually have less storage and computing power.

This is possible by introducing an "agent" on the mobile device. The agent is a tiny piece of software that is already "trained", making it able to identify malware without having to connect to its data center over the internet.

While this is possible, in practice it is difficult. Getting complex AI models onto small devices isn't easy. Google Now users, for example, can use all of its features only when the app is connected to the internet. Minor tasks are possible, but highly limited.

At first, the AI works in two stages: training and execution. Both stages happen in the data center, where the system can tap into the vast knowledge held in its network of machines. After the system has learned what it has to do, it can be released as smaller instances that run independently, without the data center supporting them.
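The sketch below is an added example, not code from the article. It contrasts an exact-hash signature with a model that is trained once and then shipped as a small weights file for an offline "agent" to use. A simple linear byte n-gram model stands in for the neural network. All names and the harmless sample byte strings are constructed for illustration.

```python
import hashlib, json

# Constructed, harmless stand-ins for file contents (not real malware).
MALICIOUS = [b"HDR:unpack_stub|decode_loop|write_self|TAIL v1",
             b"HDR:unpack_stub|decode_loop|write_self|TAIL v2"]
BENIGN = [b"HDR:load_config|draw_window|save_file|TAIL v1",
          b"HDR:load_config|check_update|draw_window|TAIL v3"]

def ngrams(data, n=4):
    """Set of overlapping byte n-grams, hex-encoded so they survive JSON."""
    return {data[i:i + n].hex() for i in range(len(data) - n + 1)}

def train(malicious, benign):
    """'Data center' stage: learn one weight per n-gram from labelled samples.
    weight = (malicious files containing it) - (benign files containing it)."""
    weights = {}
    for label, samples in ((1, malicious), (-1, benign)):
        for sample in samples:
            for g in ngrams(sample):
                weights[g] = weights.get(g, 0) + label
    # Drop n-grams that carry no signal to keep the shipped model small.
    return json.dumps({g: w for g, w in weights.items() if w != 0})

def signature_match(data, known_hashes):
    """Classic exact-match signature: any changed byte gives a new hash."""
    return hashlib.sha256(data).hexdigest() in known_hashes

def agent_scan(data, model_json):
    """'Device' stage: score a file using only the shipped weights, offline."""
    weights = json.loads(model_json)
    score = sum(weights.get(g, 0) for g in ngrams(data))
    return score > 0, score

KNOWN_HASHES = {hashlib.sha256(s).hexdigest() for s in MALICIOUS}
MODEL = train(MALICIOUS, BENIGN)

# A slightly modified variant of a known sample, and an unseen benign file.
VARIANT = b"HDR:unpack_stub|decode_loop|write_self|TAIL v9 padding"
NEW_BENIGN = b"HDR:load_config|draw_window|print_file|TAIL v2"

if __name__ == "__main__":
    for name, data in (("known", MALICIOUS[0]), ("variant", VARIANT),
                       ("benign", NEW_BENIGN)):
        print(name, signature_match(data, KNOWN_HASHES), agent_scan(data, MODEL))
```

The modified variant no longer matches any stored hash, but it still shares most of its learned n-grams with the training samples, so the shipped model flags it.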

But since such research has been out for more than many, people have seen claims to such advances many times in the industry. While this can indeed be a breakthrough, it would be just a matter of time until the technology can really be useful.
