To create a collaboration between Artificial Intelligence and Cyber Security that contributes to the rising need for Cyber Defense against mutable malware.
What it does
Air Gap Go (AGG) extracts the MD5 hash of any given file and compares it to a large CSV database of known malicious signatures. The CSV our code consults is updated daily from Virusign.com so that the program keeps up with new malware entering the wild and zero-day exploits. If the file returns as a safe hash, the user may continue as expected, knowing it is safe. If the file matches one of the malicious hashes on file, AGG kicks in. First, it compresses and zips the file, removing it from (or redirecting it away from) its current path. Second, it hides the file from other files and processes to avoid internal spread. Third, it deletes the malicious file and notifies the user that all actions were carried out correctly. Following the notification, it also scans the user's current directory to ensure the file did not have a chance to propagate. Finally, and most importantly, it can force the device into airplane mode, removing it from the network and Bluetooth. This creates a quarantine environment on the infected host machine and prevents external spread (targeting ransomware). The AI can also scan a URL and check whether it matches a known malicious or phishing website.
How we built it
To build the AI, we used logistic regression: we fed it a large CSV file of dirty and clean URLs, which it used as training data to learn its weights. The AI learned to identify a compromised URL with about a 96% accuracy rate. There was too much data in the hash files to pass to the AI for it to learn to identify hashes successfully, so instead we broke the problem down in a similar way without using the AI. AGG uses several Python modules to take in a file, determine whether its hash has been seen as compromised in the wild, and if so, disconnect from the network and run through the steps needed to remove the malicious file from the host device. Once that is done, the AI looks through the directories to which malware is most likely to have replicated itself. All of this was achieved by giving our program and its AI administrative privileges through Python, so that it could make changes to the host machine.
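The hash-lookup step described in "What it does" and "How we built it", as an added example that is not AGG's own code: it streams a file once, computes MD5 and SHA-256, and checks both against a signature feed in CSV form. The feed text, its column names and the function names are assumptions; AGG itself uses MD5 only, and the SHA-256 column is included because MD5 collisions are practical, so a match on MD5 alone is weaker evidence than one on both.

```python
import csv
import hashlib
import io

# Constructed sample of a signature feed (not Virusign's real data). Feeds vary in
# layout, so the loader accepts any column whose header mentions md5 or sha256 and
# normalises values to lowercase hex; empty or malformed cells are skipped.
SAMPLE_FEED_CSV = """md5,sha256,name
d41d8cd98f00b204e9800998ecf8427e,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,empty-marker
5D41402ABC4B2A76B9719D911017C592,,hello-marker
"""

def load_signatures(csv_text):
    """Return {algorithm: set of hex digests} parsed from the feed text."""
    sigs = {"md5": set(), "sha256": set()}
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col, value in row.items():
            key, value = (col or "").strip().lower(), (value or "").strip().lower()
            if "sha256" in key and len(value) == 64:
                sigs["sha256"].add(value)
            elif "md5" in key and len(value) == 32:
                sigs["md5"].add(value)
    return sigs

def hash_stream(fh, chunk_size=1 << 16):
    """Read the stream once and return MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def matches(digests, sigs):
    """Algorithms whose digest is in the feed. An empty list means 'no known-bad
    hit', not 'safe': a lookup only catches samples already present in the feed."""
    return [algo for algo, d in digests.items() if d in sigs[algo]]

def check_bytes(data, sigs):
    return matches(hash_stream(io.BytesIO(data)), sigs)

def check_file(path, sigs):
    with open(path, "rb") as fh:
        return matches(hash_stream(fh), sigs)

if __name__ == "__main__":
    sigs = load_signatures(SAMPLE_FEED_CSV)
    print(check_bytes(b"hello", sigs))  # ['md5']
```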
Challenges we ran into
One of our biggest challenges was finding a large, trustworthy and accessible database of known malware hashes with which to train AGG. Most required us to go through a lengthy verification process before being granted access to any form of database. Merging the individual components of the project also proved difficult because of the complexity of each function that made up our program.
Accomplishments that we are proud of
Due to the time constraint we did not believe we would come this far, yet we were able to finish a fully operational project to demonstrate. Out of everything we accomplished this weekend, our favorite capability of AGG is its ability to remove an infected device from the network in a matter of seconds, at the first sign of malicious activity detected by the AI.
What we learned
The biggest takeaway this weekend has to be all the new information we learned about AI and how it can be extremely beneficial to Cyber Security, including the different algorithms used to train AI and how it all interacts with Human-Computer Interaction (HCI).
What's next for Air Gap Go
A more intuitive Graphical User Interface (GUI) that increases ease of use. Next, add a secondary scan that uses a Convolutional Neural Network algorithm to seek out specific malware.