Neural nets in commercial anti-virus software

tesauro@watson.ibm.com
Fri Jul 15 11:03:36 EDT 1994


             IBM  BRINGS  NEW  TECHNOLOGY  TO  VIRUS  PROTECTION


  IBM's investment in leading-edge research is paying off in unexpected
  ways.  The latest release of IBM AntiVirus uses sophisticated "neural
  network" technology to help detect new, previously unknown viruses.

  "Detecting viruses that people have never seen before, while
  simultaneously preventing false alarms, is a difficult balancing act,"
  said Jeffrey O. Kephart, a manager in the High Integrity Computing
  Laboratory, the group at the Watson Research Center that develops IBM
  AntiVirus.  "But with several new viruses being written every day, this
  has become an essential requirement for any anti-virus program."

  "Traditionally, virus detection heuristics have been developed by trial
  and error.  Our neural-net detector was produced completely
  automatically, according to sound statistical principles.  The anti-virus
  technical community had been hoping for such a breakthrough, but was
  pessimistic.  We invented several new techniques that overcame previous
  limitations."

  By showing a neural network a large number of infected and uninfected
  files, Kephart and his colleagues trained it to discriminate between
  viruses and uninfected programs. After the training had taken place, they
  found that the neural network was able to recognize a very high
  percentage of previously unknown viruses.

  "We've been quite successful in bringing leading-edge research into the
  IBM AntiVirus products very quickly," explained Kephart.  "In this case,
  just a few months after our initial conception of the idea, we are
  delivering novel but well-tested technology to our customers around the
  world."

  IBM AntiVirus version 1.06 provides comprehensive "install-and-forget"
  automatic protection against computer virus attacks in DOS, Windows*,
  OS/2** and Novell NetWare*** computing environments.  In addition to its
  patent-pending neural network technology, it can detect viruses inside of
  files compressed with PKZIP****, ZIP2EXE and LZEXE.  It can even detect
  viruses inside of compressed files that themselves contain compressed
  files.  Common viruses can be detected automatically when infected files
  are copied from a diskette or downloaded from a computer bulletin board
  system.

  New installation programs support automated installation from LAN
  servers.  IBM AntiVirus for NetWare can check NetWare 3.1x and 4.0x
  servers for viruses in real time, as users add or modify files on the
  server.  IBM AntiVirus protects against thousands of known viruses,
  including viruses that are said to be impossible to detect.

  "There's a lot of hype out there about 'killer' viruses," said Steve R.
  White, Senior Manager of the High Integrity Computing Laboratory.  "Here
  are the facts.  Many viruses are silly, badly written programs.  A few
  viruses try to hide by changing their appearance when they spread -
  'polymorphic' viruses - or by trying to prevent anti-virus software from
  seeing them at all - 'stealth' viruses."

  "People have said these viruses are impossible to detect.  They are
  wrong.  We have had no trouble analyzing new viruses and adding
  protection against them to IBM AntiVirus.  The latest version of IBM
  AntiVirus detects lots of 'difficult' viruses, including Queeg, Pathogen
  and Junkie-1027.  Keeping up with these new viruses does require a lot of
  expertise and technology, but that's what IBM Research is famous for.

  "People who say that their anti-virus products can't keep up are using the
  wrong products."

  * Windows is a trademark of Microsoft Corp.
  ** OS/2 is a trademark of IBM Corp.
  *** Novell and NetWare are trademarks of Novell Corp.
  **** PKZIP is a trademark of PKWARE, Inc.
