In this talk, we describe DeepLocker, a novel class of highly targeted and evasive attacks powered by artificial intelligence (AI). As cybercriminals increasingly weaponize AI, cyber defenders must understand the mechanisms and implications of the malicious use of AI in order to stay ahead of these threats and deploy appropriate defenses.
DeepLocker was developed as a proof of concept by IBM Research in order to understand how several AI and malware techniques already being seen in the wild could be combined to create a highly evasive new breed of malware, which conceals its malicious intent until it reached a specific victim. It achieves this by using a Deep Neural Network (DNN) AI-model to hide its attack payload in benign carrier applications, while the payload will only be unlocked if—and only if —the intended target is reached. DeepLocker leverages several attributes for target identification, including visual, audio, geolocation, and system-level features. In contrast to existing evasive and targeted malware, this method would make it extremely challenging to reverse engineer the benign carrier software and recover the mission-critical secrets, including the attack payload and the specifics of the target.
We will perform a live demonstration of a proof-of-concept implementation of a DeepLocker malware, in which we camouflage well-known ransomware in a benign application such that it remains undetected by malware analysis tools, including anti-virus engines and malware sandboxes. We will discuss technical details, implications, and use cases of DeepLocker. More importantly, we will share countermeasures that could help defend against this type of attack in the wild.
Speakers
Dhilung Kirat
Dhilung Kirat is a Research Scientist in the Cognitive Cybersecurity Intelligence group of the Security Research department at IBM T.J. Watson Research Center. Dhilung received his PhD in Computer Science from University of California, Santa Barbara. His research interests revolve around areas of computer security, in particular malware analysis, AI-powered security analytics, and ethical hacking research.
Jiyong Jang
Jiyong Jang is a Research Scientist in the Cognitive Cybersecurity Intelligence (CCSI) Group at the IBM Thomas J. Watson Research Center. He received his PhD in Electrical and Computer Engineering from Carnegie Mellon University. His research interests include most areas of computer security, with an emphasis on software and network security. His current research focuses on cognitive security offense analytics and big data security analytics for malware analysis, network security, and web security in complex networking systems.
Marc Ph. Stoecklin
Marc Ph. Stoecklin is a Principal Research Scientist and Manager of the Cognitive Cybersecurity Intelligence (CCSI) group at the IBM T.J. Watson Research Center in Yorktown Heights, NY. He leads the cognitive security research activities at IBM, with a particular focus on applying artificial intelligence (AI) and machine learning to cybersecurity, including advanced threat detection, security/threat intelligence consolidation, active cyber deception, big data cybersecurity analytics, as well as malware and security analysis (ethical hacking). Marc holds a PhD degree in Computer, Communication and Information sciences from École Polytechnique Fédérale de Lausanne (EPFL), Switzerland.
Detailed Presentation:
(Source: Black Hat USA 2018, Las Vegas)
Comments