APPLICATION OF ARTIFICIAL INTELLIGENCE IN ANTI-VIRUS PROTECTION SYSTEMS
O‘rinov Nodirbek Toxirjonovich,
Teacher, Department of Information Technology, Andijan State University
Abstract: Recently, more and more attention has been paid to the study of the possibilities
of using artificial intelligence methods both to increase the level of security of computer
systems and to organize hacker attacks. In this article, an attempt is made to understand how
justified the use of artificial intelligence methods in the field of information security is at the
present time.
Key words: cyberattacks, expert systems, Cylance Protect, obfuscation, neural networks.
Artificial intelligence is usually understood as the ability of a system to
perform some functions traditionally associated with the human mind, in
particular, the ability to self-learn, to make decisions based on the study of
previous experience.
There is no doubt that the field of application of artificial intelligence
methods will expand. It is interesting to assess what advantages this approach
can provide at the moment in relation to information security, since research in
this area is not completed and is probably far from completion.
First of all, we note that behind the term artificial intelligence there are
several dissimilar technologies and approaches.
Traditionally, artificial intelligence methods include:
- rule-based expert systems. Such systems have a narrow focus. Before
using the expert system, the rules must be “extracted” and saved in the
knowledge base. The knowledge extraction process requires the participation of
the most competent specialists in the field in which the expert system is
to be applied. Experts, with the help of a specialist in the development
of expert systems, should formulate rules for the behavior of the system based
on their own experience;
- evolutionary computing. These systems cover a range of theoretical and
practical problems associated with the use of models of autonomous behavior, as
well as self-assembly, self-configuration and self-healing of systems consisting
of many interconnected and jointly functioning nodes;
- causal networks (Bayesian belief networks). These networks are used to
model situations containing uncertainty, in which random events are connected
by cause-and-effect relationships. From a mathematical point of view, a
Bayesian network is a graphical model, where nodes are events and arcs are
possible connections between events;
- neural networks. This direction of artificial intelligence is associated
with modeling the work of the human brain. Research into the work of the
brain has led to the creation of a model of its work based on neural
networks. Neural networks explain a person's ability to learn and self-learn.
Neural networks can be successfully simulated on modern computers,
which makes it possible to create self-learning computer programs;
- fuzzy logic systems. These systems simulate the processing of linguistic
variables, i.e. statements in natural language. The system uses the apparatus of
algebra and the rules of inference established by an expert.
The constantly increasing number of threats to information security and the
associated losses make the problem of ensuring information security more and
more urgent. According to the National Agency for Financial Research (NAFI),
losses of Russian companies from cyber attacks in 2017 amounted to about 116
billion rubles [1]. The use of artificial intelligence methods can increase the
level of security of information systems. Artificial intelligence methods can be
used to quickly detect threats, which increases the security of the information
system. In this case, the ability of artificial intelligence systems to self-learn is
of great importance.
The following main areas of application of artificial intelligence methods in
the field of information security can be distinguished [2]:
- quick recognition of threats;
- optimization of the process of searching for malicious sources;
- analysis of system behavior and identification of latent threats based on
this analysis;
- acquiring new knowledge in the learning process and building on its
basis a more powerful defense system;
- combating malicious software, which can also be self-learning;
- supporting the tools that manage user identification and authentication,
access to resources, and access administration;
- improvement of modern anti-virus software.
Let's take a closer look at the artificial intelligence methods used in the field
of virus protection.
The incentive for the use of new technologies in the creation of anti-viruses
is the presence of a number of shortcomings inherent in anti-virus software in
the traditional approach to development. The main disadvantages are: the need
for frequent updating of information bases, which usually requires an Internet
connection, relatively low performance, and not always prompt response to new
threats.
The need to update the databases is due to the fact that viruses are recognized
by signatures. A signature is a part of a virus code that is sufficient for its
recognition and, at the same time, is unique. It should not be found in other
programs to ensure that there are no false positives from the antivirus. The
process of searching for malicious programs is reduced to enumerating the
signatures available in the database and checking that the signature is found in
the program code.
This is a simplified scheme. Often the antivirus must first unpack the code of
the program being scanned, which may have been compressed by an archiver. The
code can also be encrypted or processed by an obfuscator. An obfuscator is a
special program that does not change the functions of the processed code, but
makes the code harder to read after decompilation and makes it harder to find
signatures in it.
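The signature search described above, and the reason the scanner has to unpack
compressed code before matching, shown as an added example that is not taken
from the article or from any antivirus product. The signature names, the byte
patterns and the sample files are constructed and harmless, and zlib stands in
for whatever archiver or packer was used.

```python
from __future__ import annotations
import zlib

# Constructed, harmless byte patterns standing in for real virus signatures.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4c0ffee1"),
    "Demo.Beta": b"\x90\x90DEMO-BETA-MARKER\x90\x90",
}
MAX_UNPACKED = 1 << 20  # inflate at most 1 MiB (decompression-bomb guard)
MAX_DEPTH = 3           # how many nested packing layers to peel off


def match_signatures(data: bytes) -> set[str]:
    """Enumerate the database and report every signature found in the bytes."""
    return {name for name, sig in SIGNATURES.items() if sig in data}


def try_unpack(data: bytes) -> bytes | None:
    """Inflate a complete zlib stream; None if it is not one or is too large."""
    inflater = zlib.decompressobj()
    try:
        out = inflater.decompress(data, MAX_UNPACKED)
    except zlib.error:
        return None
    return out if inflater.eof else None


def scan(data: bytes, depth: int = 0) -> set[str]:
    """Match the raw bytes, then unpack and match each inner layer."""
    hits = match_signatures(data)
    if depth < MAX_DEPTH:
        inner = try_unpack(data)
        if inner is not None:
            hits |= scan(inner, depth + 1)
    return hits


def demo_samples() -> dict[str, bytes]:
    """Constructed sample files: clean, infected, packed once, packed twice."""
    clean = b"MZ" + b"ordinary program bytes " * 40
    infected = clean + SIGNATURES["Demo.Alpha"] + b"tail"
    packed = zlib.compress(infected)
    return {"clean": clean, "infected": infected,
            "packed": packed, "double": zlib.compress(packed)}


if __name__ == "__main__":
    for name, blob in demo_samples().items():
        print(name, sorted(match_signatures(blob)), sorted(scan(blob)))
```

On the packed samples the plain signature match finds nothing, while the scan
that unpacks first reports Demo.Alpha.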
Performance issues stem from both the growing database of virus signatures
and the need to scan a large number of files and code snippets. This is especially
true for online checks carried out when receiving data from external sources,
such as the Internet or portable external drives. The introduction of new
signatures is performed by manufacturers of antivirus tools after they have
received and examined the code of a new virus. This means that each virus can
manage to infect a certain number of computer systems. To increase the
responsiveness to new threats, developers build in the ability to use "heuristic
methods".
In fact, the use of heuristic methods can already be considered an application
of artificial intelligence, since a set of heuristic methods is a knowledge
base, and their application is the work of a simple rule-based expert system.
The disadvantages of using this approach are:
- the need to spend additional time and other resources,
- not always accurate diagnosis.
Moreover, if an antivirus user uses heuristic methods, then usually he can
configure the operation of his antivirus so that information about suspicious files
is sent to antivirus developers for further analysis. This capability improves the
speed of response to security threats.
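A heuristic engine viewed as a small rule-based expert system, as an added
example that is not taken from the article or from any antivirus product. The
rules, weights, threshold and sample files are constructed assumptions; the
second sample shows the inaccurate diagnosis mentioned above, because a
harmless packed file trips the entropy rule.

```python
import hashlib
import math
from collections import Counter

# Names of Windows API functions often looked for by detection rules.
API_NAMES = (b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread")


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; near 8.0 for packed or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Knowledge base (constructed): rule name, predicate over file bytes, weight.
RULES = [
    ("high_entropy", lambda d: entropy(d) > 7.2, 40),
    ("process_injection_imports",
     lambda d: sum(name in d for name in API_NAMES) >= 2, 50),
    ("executable_header", lambda d: d[:2] == b"MZ", 10),
]
THRESHOLD = 50  # assumed cut-off: total weight at or above this is "suspicious"


def evaluate(data: bytes) -> dict:
    """Inference step: apply every rule, add up the weights of those that fire."""
    fired = [(name, weight) for name, pred, weight in RULES if pred(data)]
    score = sum(weight for _, weight in fired)
    return {"fired": [name for name, _ in fired], "score": score,
            "suspicious": score >= THRESHOLD}


def demo_samples() -> dict:
    """Constructed files: a document, a harmless packed program, a flagged one."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                     for i in range(128))  # 4096 deterministic high-entropy bytes
    return {
        "document": b"Quarterly report. " * 200,
        "benign_packed": b"MZ" + noise,
        "import_names": b"MZ" + b"padding " * 50
                        + b"VirtualAllocEx\x00WriteProcessMemory\x00",
    }


if __name__ == "__main__":
    for name, blob in demo_samples().items():
        print(name, evaluate(blob))
```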
A machine-learning antivirus can work in a different way. An example is the
Cylance Protect antivirus of the American company Cylance [3]. Cylance was
founded in 2012 as a startup and owns www.cylance.com. One of the goals that
this company has set for itself is to create an antivirus that will detect a virus or
other dangerous software before it can do any harm. Cylance Protect does not
use signature databases or heuristics. Instead, it relies on a mathematical model
that describes how software works. Based on the statistical analysis of the
characteristics of the code, the functions of the program are determined. If
any of them are unsafe, then the use of the program is blocked. The main focus
is not on healing, but on preventing attacks.
The model can evolve and antivirus software can self-train to adapt to new
security threats. Updates do not need to be performed frequently, only when
mathematical models change. In addition, the load on system resources is
significantly reduced and the scan time does not depend on the size of the
signature databases, which simply do not exist [4].
Information about the development of an antivirus that uses artificial
intelligence by employees and students of Tomsk University of Control
Systems and Radioelectronics (TUSUR) [5] has appeared in computer
publications. Judging by the description given, this system, like Cylance
Protect, also does not use signatures and is self-learning.
This project is mentioned on the website of the anti-virus developers Doctor
Web, in one of the issues of the newsletter "Antivirus Truth!" [6]. The opinion
of the antivirus authors about publications and the use of artificial intelligence in
the fight against viruses is negative, since many articles and notes retell each
other's content and contain obvious errors. The developers of Doctor Web
antivirus, judging by this publication, are still skeptical about the possibility of
creating self-learning antivirus programs that do not rely on the use of signature
databases.
As for the use of artificial intelligence methods in malicious
software, it is possible to use machine learning methods in the development of
malicious code. So, in [7], data on the possibilities of using machine learning
when performing obfuscation are given. During training, the program makes
small changes to the binary code without changing its functions, then checks it
with an antivirus, evaluates the result and repeats the process taking into
account the results obtained. It is assumed that this approach can also help
bypass anti-virus systems that use machine learning. The source code of an
example of such a program for changing the code, without changing its
functionality, is posted on GitHub [7].
Also, the use of machine learning can help hackers to improve the
efficiency of password guessing and theft of personal data of users of network
services.
Concerns are expressed about the possibility of malicious programs with
built-in artificial intelligence, although the possible mechanism of their action
is not explained. This is not yet impossible, but not particularly necessary.