Artificial Intelligence in the Realms of IT Security

25 Oct 2010
Virus News

Cyber Helper, an artificial intelligence system developed by Kaspersky Lab in 2009, is designed to automate the process of combating malware. Cyber Helper includes several autonomous subsystems capable of data exchange and interoperability. It also contains several ‘hard’ algorithms and rules of the kind used in standard programs. However, most of its subsystems utilize artificial intelligence and fuzzy logic and independently define their own behavior as they go about solving different tasks.

The main task facing those developing artificial intelligence is to create an autonomous AI device fully capable of learning, making informed decisions and modifying its own behavioral patterns in response to external stimuli. In most cases artificial intelligence is based upon experience and knowledge provided by humans in the form of behavioral examples, rules or algorithms, which means it is not very effective at meeting the challenges of modern computer virology.

With Cyber Helper the aim was to create a self-learning system capable of conducting independent research and accumulating knowledge and experience. As a result, the system not only learns but, based on its knowledge and the result of its own analysis of an object, periodically finds errors in the analyst’s work. In such cases, Cyber Helper may start by interrupting the analytical and decision-making process and sending a warning to the expert, before going on to block the scripts that are to be sent to the user and which, from the system’s perspective, could harm the user’s computer. The simplest example of such a mistake might be when a malware program substitutes an important system component. On the one hand it is necessary to destroy the malware program, while on the other, doing so may result in irrecoverable system damage.

At the heart of the Cyber Helper system is a utility called AVZ. It was created to automatically collect data from potentially infected computers and store it in machine-readable form for use by other subsystems, and to perform actions on a remote computer using universal scripts. The utility generates reports in HTML and XML formats. From 2008 onwards, the core AVZ program has been integrated into Kaspersky Lab’s antivirus solutions and can be used for infection treatment if necessary.

“Modern malware programs act and propagate extremely fast. In order to respond immediately, the intelligent processing of large volumes of non-standard data is required,” says Oleg Zaitsev, the developer behind Cyber Helper and Chief Technology Expert at Kaspersky Lab. “Artificial intelligence is ideally suited to this task; it can process data far in excess of the speed of human thought. Cyber Helper is one of only a handful of successful attempts to get closer to the creation of autonomous artificial intelligence. The main advantage of Cyber Helper is that, like an intelligent creature, it is able to self-learn and define its own actions in an independent manner.”

