Artificial Intelligence Apr 1, 2019

The future of virus scanners, or why we need maths and artificial intelligence.

Today’s antivirus programs are considered state-of-the-art. Companies all protect their clients, servers and/or gateways with antivirus software, which dutifully reports that various files have been found, validated or quarantined. Admins are reassured and financial backers gratified to see that their investment works as intended. But for how long?

Share article

In principle, forever. Since traditional, pattern-based virus scanners are too slow and easy to circumvent, we must change the underlying concept and technology. The big drawback of pattern-based scanners is that they are only able to find and block known viruses. This is an issue because attack patterns nowadays are constantly evolving, and pattern and hash-value detection can be outwitted simply by adding a single zero. A new approach is needed. Yes, we could have a permanent internet connection continuously downloading all new patterns, or we could send entire files to the cloud for analysis. But such solutions don’t work in isolated networks or when employees are on holiday.


So how can we solve such problems in future? How can we detect attacks without requiring an uninterrupted internet connection and never-ending updates? What if we didn’t have to wait for a file to be executed before deciding whether it’s harmful or not?


Enter artificial intelligence.

Artificial intelligence is the only solution. AI can learn from past attacks and identify new ones lurking in files that have never been seen before. AI doesn’t have to be online all the time, and its mathematical model ensures top-notch performance even on clients, servers and virtual systems. So how does AI detect and prevent future attacks?


It must be trained using countless files, both harmless and harmful. When it then encounters a new, unknown file, it can apply its trained algorithms to decide whether the file can be trusted.


Like learning to distinguish dogs from cats.

Consider how humans recognise dogs and cats. We are shown countless examples of these popular pets over the course of our lives. This has trained our brain not to see the animal as a whole, but to home in on its characteristics to determine whether it’s feline or canine. This same process can be taught to AI, enabling it to differentiate between harmful and harmless files before they’re executed. The characteristics of a file might include its structure, the compiler used or even the time zone in which the file was created. It’s clear that the advantages of AI make it highly suited to malware detection.


Cylance is an established software firm with seven years of experience in training this type of AI. Its solution detects files and takes decisions directly on the client itself, without requiring an internet connection or updates. Decisions take only about 100 milliseconds per file and merely 1/40 of the IOPS of a traditional antivirus scanner. Tests have shown that even a 20-month-old version of Cylance’s AI was able to detect WannaCry malware—simply by analysing its characteristics. In this same way, it will detect and thwart new attacks that have yet to materialise.

Christoph Barreith
Presales Consultant