In mid-2017 I created one of my dream projects: an AV scanner that diagnoses your host for any potential malware threat on the system with the aid of a Universal Malware Repository. I call it Tesla. Below is the article documenting the first version:
https://kenciceron45.wixsite.com/krontek/main/tesla-a-universal-malware-repository-scanner
A month later, I was enjoying my favorite coffee in a cafe and reading my favorite AI reference book. The waiter approached and asked whether I would like to order anything else. I replied: "Nope, I'm all good now." After that statement something just hit me. For weeks, I had been engaged with my AI assistant project (which I will showcase soon) and had been passionate about solving and learning the wonders of neural networks. Something just came to me: the idea of a protection engine that feeds on voice command input. It will perform the designated command tasks, do deeper stuff, and tell you if the system is already clean of any threat. Yes, I am thinking of improving Tesla, from being a typical universal AV scanner to a protection engine with bits of AI in it. A bunch of questions piled up, along with curiosity about whether these ideas can be done.
a.) A complete collaboration between the user and TESLA. A bond between an antimalware and a consumer. The next AV engine will comprise an antimalware Jarvis.
b.) An anti-malware program with the ability to learn and adapt to current vulnerabilities on the internet. It will be something revolutionary and innovative. However, it will require a lot of work, code, and time.
There has been enormous growth in Deep Learning over the past couple of years. AI technologies have grown, and the components that make up these technologies have been a big help in letting us create and think of better, out-of-the-box solutions for each problem we may have. Right now, we are still figuring out the total integration of AI in cybersecurity.
But why not?
For a couple of days, I've been on a mission. I'm coding, conducting research for better tech, and brainstorming ways I can improve Tesla. My goal is for Version 2 to be innovative and unique. I've been programming, debugging, and studying. And with that, it compiled and RAN.
What's new in version 2?
* Voice Recognition input - This feature is activated if voice recognition is enabled in the engine. The user may choose voice or plain text input. I have gathered some voice-patterned inputs and applied them to the program's database. Once the user says the input command, validation by the speech recognition is activated and checks the input DB to see if such a command exists. So if a user says "perform clean", the program will validate the voice first, then execute the process.
-> I also added some retouching of the environment noise check. With this feature the software analyzes the background noise and recognizes only the user's voice. So no matter how noisy the room is, Tesla can still hear you.
* File Analysis - Looking back at my unfinished Reverse Engineering Kit, I have taken an extra feature from that pending tool and implemented it in this project. This feature takes the next AV to the horizon, with extra bits of static file analysis. Once the AV has scanned the host and detected malicious dropped files, the program analyses each file and gets further information from it. This information includes the file's DLLs, PE sections, PE imports, VirusTotal reputation and string obfuscation.
* Real-time network and process monitoring on host
With the AV's real-time network and process monitoring, it will protect the system's real-time activity once 'monitor' mode is activated.
* Has event logs for every system action
The AV not only monitors the user's host but also monitors all the activities it has performed. All the logs are saved in a repository. These logs include the last AV signature update, full system scans or scans of a particular system directory, the date of threat detection from process and network monitoring, and the date a file was last analysed.
Sample engine logs.
* Self-learning capability that depends on the information about the file. This is the start of my neural network implementation for this engine. I have gathered all the possible machine learning algorithms that could be of use for this project. Right now, I make use of dimensionality reduction for data compression. High-dimensional data comes from the large number of measurements of raw data processed by the engine. This means removing noise from the gathered data and compressing the dimensional subspace while maintaining the 'most' relevant information. I think this feature deserves a separate post, so I can discuss it further and provide a breakdown of how this implementation was added to the list of functionalities that Tesla is capable of. However, the diagram below gives you some ideas and a sneak peek at how it went.
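To illustrate the File Analysis feature listed above, here is an added example (not Tesla's code and not from the original post) of static PE section parsing. It goes slightly beyond the post by computing per-section entropy as one assumed way to flag packed or obfuscated content; the function names, the 7.0 threshold and the header-only sample built inline are constructed for illustration.

```python
import math
import struct

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    return sum([c / n * math.log2(n / c) for c in counts], 0.0)

def pe_sections(image: bytes):
    """Parse the PE section table; return (name, raw_size, entropy) tuples."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF header follows the signature; it holds the section
    # count and the optional-header size needed to locate the section table.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsect):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(image):
            raise ValueError("truncated section table")
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        body = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.rstrip(b"\0").decode("latin-1"), raw_size, round(entropy(body), 2)))
    return sections

def suspicious(sections, threshold=7.0):
    """Names of sections whose entropy suggests packed or encrypted data."""
    return [name for name, _size, ent in sections if ent >= threshold]

def build_sample() -> bytes:
    """Constructed header-only PE skeleton with two sections (not runnable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    hdr = lambda name, size, ptr: struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr, 0, 0, 0, 0, 0)
    table = hdr(b".text", 256, 0xA8) + hdr(b".packed", 256, 0x1A8)
    # .text is a run of one byte value; .packed holds every byte value once.
    return dos + coff + table + b"\x90" * 256 + bytes(range(256))

if __name__ == "__main__":
    parsed = pe_sections(build_sample())
    for name, size, ent in parsed:
        print(f"{name:8} raw={size:5} entropy={ent}")
    print("flagged:", suspicious(parsed))
```

High entropy alone is a triage hint, not a verdict: compressed resources and legitimately packed installers score high too, so it is best combined with the other signals the post lists, such as imports and reputation.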
Let's see what Tesla can say about this file
I will end this here for now. Stay tuned for the video demo and the neural net construction of the engine.
<krontek> halt
Recommended Reads:
* Genesis of the Next AV: https://kenciceron45.wixsite.com/krontek/main/the-genesis-of-the-next-av-gen
* Tesla v1: https://kenciceron45.wixsite.com/krontek/main/tesla-a-universal-malware-repository-scanner