360 Total Security Blog

AI in cyber security: 360’s QVM

 

When AlphaGo, an AI program developed by Google to play the game “Go”, has effectively won a five-game match against one of the world’s best players, Lee Sedol, the development of Artificial Intelligence had reached new heights in history. Out of everyone’s surprise, MogIA, an AI system from India, beat most polls predicting the next president of the United States for its fourth time. As everyone sees AI begin to flourish in areas dominated by human, Security industry has adopted AI for years to combat rapidly growing number of new threats and cyber attacks.

QVM Invented in Respond to Rapid Increasing Number of Threats

In the cybersecurity industry, AI has taken center stage and been considered the next technology wave. The internet becomes so complicated that the traditional way of creating signatures or setting up firewalls doesn’t work well anymore. As a result, researchers are now developing artificial intelligence and machine learning systems to build different and more solid defense models. In 2010, Qihoo 360 firstly launched QVM (Qihoo Support Vector Machine) to deal with the rapid increasing number of threats.

QVM is a model that established from massive virus sample data and discovers evolution pattern of malware and viruses. With its self-improving and self-learning skills, QVM is able to respond accordingly to the increasing types and number of cyber attacks.

 

AI (QVM) Applied in the Security System

A new cybersecurity concept is called “cloud-pipe-point”. The “cloud”, the brain of this defense system, is a database combining AI to process millions of billions of data; “pipe” or the Internet simply said, connects the cloud and numerous end-points; and “point” implies user’s device. This model uses the storage and calculating ability from the cloud, and integrates AI’s computing skills to stop any malicious activities. And this model is used as a basis for a detection algorithm which is automatically enhanced and updated with new malware samples submitted by users to servers. Program files that do not appear on our blacklist and whitelist are scanned using QVM, and any “hits” presumed to be malicious would be removed or quarantined. That is, QVM is doing the nasty job for us in order to identify any suspicious behavior, then sends back to computers to warn the users.

There are also other popular security technologies with AI involved, including User and Entity Behavior Analytics (UEBA), End-point Detection Response (EDR), and Network Detection Response (NDR). These technologies don’t just simply detect viruses and wipe them off, but they also collect data from users and entities to uncover security risks that criminals may exploit.

We see artificial intelligence seems to beat human intelligence in different ways. We may imagine that it could become the human-like-robot shown in the popular American TV series Westworld, and replace human being. Still, in cyber security luckily, it’s more like a collaboration between AI and human in a more effective and efficient manner.