
Since the SolarWinds hack and the Hafnium attack involved some degree of unauthorized code modification (Orion DLL, creation of a web shell), is it possible to use Artificial Intelligence (AI) built into the very application (SolarWinds, Exchange Server) itself to detect and report any unauthorized code modification and unnatural modification of its immediate environment (e.g., processes supporting the application, or detection of files that should not be there, such as exfiltrated files, in the application binaries folders)?

It is my firm belief that building AI into these applications is the only way forward to reduce/stop zero-day exploits.

  • What stops an attacker from modifying the code to skip the call to AI/ignore AI triggers?
    – Limit
    Commented Mar 10, 2021 at 2:27
  • @Limit Depends on how it's implemented.
    – forest
    Commented Mar 10, 2021 at 2:54
  • AI is not a clearly defined existing thing. You could also say "magic wand", which has about the same amount of detail as "AI". And yes, something magic might solve all our problems, only it does not exist. Also, you seem to focus too much on 0day. Most IT security problems out there are not caused by 0day in the first place.
    Commented Mar 10, 2021 at 4:54
  • Nathan, you have suggested a number of different things in different questions as "the only way to stop zero days", and at some point something should dawn on you: alone, no one thing will, but defence is made up of layers and each layer plays a part in the overall defence.
    – schroeder
    Commented Mar 10, 2021 at 7:57
  • These companies that were affected had layered defenses too. I think everyone is just very uncomfortable with the fact that we are completely helpless in the face of the onslaught of zero-day exploits by these highly skilled, highly sophisticated state actors (a great way to absolve security professionals: just use the state actor reason) and that we are completely beholden to software companies for a zero-day fix. My point is this: there has got to be a better way to address zero-days at a more fundamental level, not just the usual layered defenses, not just motherhood statements.
    – Nathan Aw
    Commented Mar 11, 2021 at 1:47

1 Answer

It sounds like you're talking about anomaly detection, which is often implemented using machine learning. It's a useful tool, but it is not perfect. It is just one technique of many that can be utilized to reduce the chance of security issues. We (as in humanity) currently lack the knowledge to implement a machine learning solution that is completely able to mitigate supply chain attacks or 0days.

"AI" is all too often just a buzzword, and its capabilities are limited. It is certainly not the only way, nor even the most important way, to reduce 0days. The only way to truly stop them is to use formally verified code, where it can be mathematically proven that the code matches its specification, but it is a very involved technique that isn't practical for large code bases. seL4 is an example of a verified microkernel.
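The simplest deterministic instance of the detection the question asks for (modified binaries, unexpected files in the application's folders) is a hash-manifest integrity check, which needs no machine learning at all. The following is an added example and is not code from the question, the answer, SolarWinds or Exchange; the directory layout, file names and file contents are constructed inline so that it runs offline. It builds a baseline manifest of a directory, rebuilds it after the directory changes, and reports what was modified, added or removed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (as a relative POSIX path) to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Return the files whose hash changed, that appeared, or that disappeared."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
    }


def demo() -> dict:
    """Constructed scenario: a small 'binaries folder', a baseline, then three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.dll").write_bytes(b"original release code")
        (root / "bin" / "helper.dll").write_bytes(b"helper library")
        (root / "config.xml").write_text("<config/>")

        # The baseline would normally be produced at build/release time and
        # stored (and signed) off-host, so that tampering with the host
        # cannot silently rewrite the reference hashes as well.
        baseline = build_manifest(root)

        # Constructed changes: one binary altered, one unexpected file dropped
        # into the folder, one expected file gone.
        (root / "bin" / "app.dll").write_bytes(b"original release code plus injected logic")
        (root / "bin" / "staging.zip").write_bytes(b"archive that should not be here")
        (root / "config.xml").unlink()

        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

The check is only as trustworthy as the place the baseline lives and the code that runs the comparison; keeping the manifest and the checker outside the monitored host (or under a separate signing key) is what makes it harder for whoever can rewrite the binaries to also rewrite the verdict.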

  • I don't mean AI in the buzzword sense. Imagine if developers like myself are supported by AI to identify the potential coding pitfalls; we can avoid many painful incidents like SolarWinds and Hafnium. This whole layered defense seems to be barking up the wrong tree: if we can target the root and address that, we will have no need of these multiple security solutions.
    – Nathan Aw
    Commented Mar 11, 2021 at 10:04
  • So, you suggest adding another security solution ... or are you suggesting removing all the rest of the layers of defense? We have seat belts and crumple zones, but people still get hurt in car accidents, so let's take all that out and put in autonomous driving? That's not logical. You need the right defences to address the right weaknesses in a complex system. What we have are inefficient layers to try to cover the unidentified weaknesses in the system. Please look up Complexity Management and Cynefin for more ... effective inspiration for how to address the problem.
    – schroeder
    Commented Mar 11, 2021 at 18:59
