Exclusive Interview with Dr. Gu: AI and Engine Zero in the Field of Network Security

12/11/2018 12:01:30
Sangfor Engine Zero, an intelligent security detection engine, utilizes AI technology to detect unknown threats faster and more efficiently. Sangfor recently interviewed its Chief Scientist, Dr. Gu, to gain a more in-depth understanding of how AI can be better applied in the field of network security.

Q: AI has always been a hot topic in this industry. Why is AI being integrated within the field of network security?
Dr. Gu:
The world is undergoing a digital transformation driven by technology, with traditional technology no longer able to adapt to the rapidly changing state of viruses and threats. The cost of network attacks and the scale and frequency of cybercrime and hacking are increasing, causing serious social and economic losses. The demand for cyber security professionals has seen a simultaneous and rapid increase, with serious inadequacies in the number of skilled people available. In response, the industry has begun to seek automated network security solutions for the future of effective protection. Artificial intelligence technologies such as pattern recognition and machine learning are gradually being applied to the field of network security. According to a recent Gartner projection, the employment of AI in the field of network security will increase from the current 10% to 40% by 2020.

Q: What has been achieved thus far in the application of artificial intelligence technology in the field of network security?
Dr. Gu:
Artificial intelligence has recently been applied to many areas in the field of network security. It's clear that security is facing a future with an increasing number of imminent threats. Artificial intelligence technology has a great advantage over human operators in learning and detecting threats, especially in the detection of unknown threats. Cyberattacks are becoming more and more complex, with hackers constantly testing new attack technologies and making it impossible for security teams to learn and detect all threats. Artificial intelligence, on the other hand, is in a state of continuous evolution and has proven itself capable of quickly scanning, parsing, and detecting threats. For example, our internally developed Engine Zero security intelligence detection engine uses artificial intelligence technology and deep learning to achieve a 99.7% F value in virus C&C communication detection, 10% higher than the traditional n-gram method.

In terms of effective protection, artificial intelligence can help engineers sort out how to deal with attacks and understand which methods work, and how to use this experience in future hacking attacks. This can significantly shorten the security response process and reduce the impact of attacks as well as reduce user losses.

Q: You mentioned that the Sangfor Engine Zero security intelligence detection engine uses artificial intelligence. Could you tell us how?
Dr. Gu:
Compared to other manufacturers' anti-virus engines and well-known open source anti-virus engines, the Engine Zero engine uses AI to enhance its ability to kill unknown viruses and new variants of known viruses. Traditional virus killing, whether in the cloud or on the terminal, generally relies on virus signatures, making it inefficient at killing unknown viruses.

Engine Zero employs self-learning and constant evolution through artificial intelligence technology to effectively identify unknown viruses or variants and form cloud linkage, sharing updates to the database in a timely manner and improving human-computer wisdom and the effectiveness of detection capabilities. For example, Engine Zero was able to achieve a 100% detection rate on several new variants of the ransomware families GlobeImposter and GandCrab, which developed several new variants this year, without any previous analysis.

Q: Is it true that Engine Zero has a stronger killing ability against unknown viruses and new variants of known viruses?
Dr. Gu:
Yes, the artificial intelligence-based malicious file detection and killing engine is superior to the traditional signature-based killing engine. AI technology employs machine learning and neural networks which are trained using known samples. The unknown sample set has achieved good results and has found several new types of malicious files. In October, Engine Zero was able to detect and defend against a new BadRabbit ransomware variant without any modification and with very little training.

Q: How does Engine Zero solve the well-known recurring issue of a high false positive rate?
Dr. Gu:
There are a few machine learning-based detection engines available in the industry. However, many machine learning devices mistake white samples for malicious files in the absence of training, leading to a high false positive rate. If the false positive alarm rate is lowered by raising the threshold or other simple methods, it could potentially drag down the originally available generalization ability. The Sangfor Engine Zero engine eliminates false positives by monitoring and discovering the dynamic characteristics of malware in actual operation. After testing, it has achieved a significantly lower false positive rate and powerful generalization capabilities.

Q: What role will Engine Zero play in the future of malicious virus detection and defense?
Dr. Gu:
Engine Zero is one of the highlights of many security detection technology innovations at Sangfor. This detection technology will be the core of all future security offensive and defensive confrontation. We comprehensively utilized a variety of methods such as AI, rules and features to improve the detection capabilities in multiple areas of security, including Bitcoin mining virus detection, malicious URL detection and abnormal behavior detection, and increased botnet detection accuracy to 99.7%.

These security capabilities have also been embedded in the next generation of terminal security (EDR), next-generation firewall, security-aware platform, online behavior management, cloud security, cloud shield and many other security products and services designed to protect each link in the attack chain. Sangfor will continue to research, innovate and constantly translate the latest scientific and technological achievements into security protection capabilities, and to continue to provide users with the most effective protection possible in the future.
