It's always 'signatures' as probabilities in the end that are getting classified and matched. You don't need to figure our how the AI has correlated things, you only need the ability to mimic what the AI has classified as benign software. There is a large parallel area of research into defeating AI based systems that's turned into a Spy-vs-Spy continuing series. Countermeasures should be just as effective. I have low confidence that behavior differences as indirectly detected by EM emissions (as a marker of X activity) is a robust method of malware detection.

https://arxiv.org/abs/2104.15064

Yes, I am familiar with the research into defeating AI, for example in facial recognition. But the key thing here is the correlation is not with particular execution but, if successful with necessary execution, that is, with those things malware must do in order to be malware. As I've said, how successful it can be is an open question but it is a real question, I think, not a foregone conclusion.

 

Yes, I am familiar with the research into defeating AI, for example in facial recognition. But the key thing here is the correlation is not with particular execution but, if successful with necessary execution, that is, with those things malware must do in order to be malware. As I've said, how successful it can be is an open question but it is a real question, I think, not a foregone conclusion.

As usual the problem is with the actual authentication of data in the side-channel. Sure, malware must do in order to be malware but there is no compute requirement that those operations generate detectable malware side-channel emissions that a remote EM wave 'oracle' can use to make a detection. Once the malware writers see this as a viable countermeasure they will up the game.

 

I like how this thread almost turned into a poop fight but then was rescued by thoughtful discourse. That doesn't happen often enough. Thank you.