Is The Virus Of The Future An Evolving Neural Network?
I was struck by a novel idea the other day. Could you create a computer virus that was powered by neural networks?
Not just trained and released into the wild as-is, but one that actively evolves as it moves from computer to computer. How would such a virus work? How would it spread itself and evolve? What would it do?
Normally, when struck by an idea like this, it has already been thought of and explored to death. This time, that appears to not be the case. I cannot find any existing computer virus that evolves in the wild, or even discussion of one.
Perhaps that’s because it’s not actually viable. I am not a security expert, and I’ve only used neural networks in the realm of computer vision and linear sequence prediction. However, I do know that with enough development time and money, viruses can do some pretty crazy stuff, and with enough of the right kind of training, neural networks can do just about anything.
Computer viruses already have a biological lifecycle. They propagate, lie dormant (making use of survival mechinisms) and eventually are triggered and executed, completing their life. Some even mutate. Neural networks can simulate evolution. Why not evolve viruses using neural networks?
So treat this as just some computer-science fiction with maybe, just maybe, a grain of truth.
How Would A Neural Network Virus Propagate?
Normally, in the propagation phase of a computer virus, it injects code in files, which in turn inject code into other files. This is potentially the most useful phase in the lifecycle of a virus for neural networks. This is where mutation and evolution can take place.
Viruses sometimes modify themselves when making copies to avoid detection. However, they are limited by some preprogrammed mutation mechanism. A neural network powered virus at this stage can give its children mutations that could be more difficult to detect, since neural networks modify themselves at random.
A virus must typically make use of a software exploit to elevate its priveleges and execute its payload and/or spread itself. Neural networks have, in fact, already been used to find software exploits (see VulDeePecker). A neural network could be trained to find and make use of one or more kind of exploit, making it immune to security patches.
Viruses typically have a search algorithm that determine which files to infect. Again, a neural network could be used to find which files to infect. The most probable vector would be Windows executable files. A neural network could also be used to determine which functions to replace in these files.
Viruses that “survive” at this stage are ones that can avoid detection, successfully find exploits, and propagate. These strains of the virus in turn would continue to spread and mutate, ideally selecting for the strongest mutations.
Relatively unrelated viruses that detect eachother could also potentially exchange “genes” at this point through some mechanism. This could potentially make it easy for two successful strains of the virus that encounter eachother to exchange information, but it could also be a vector for detection. For this to work, viruses must “select” a mate or mate even overtake a machine already occupied by a weaker strain, since otherwise benign strains of the virus could potentially be released into the wild to destroy strains.
How Would A Neural Network Virus Hide Itself?
Neural networks have already been used, in proof-of-concept, to avoid detection (see DeepLocker). A facial recognition fingerprint is used to decrypt malware. This allows the malware to remain undetected on non-targeted machines and be executed only on target machines — specifically someone with a certain face.
By my understanding, DeepLocker doesn’t need to evolve, and the same method of encryption that DeepLocker uses wouldn’t be that useful for an evolving virus. Where DeepLocker can sit dormant in some seemingly benign facial recognition program, an evolving virus must actively infect new programs.
A random, mutating encryption algorithm would certainly be scary, but I also can’t see how it would mutate and still be able to identify its target. If its target is random, there is no guarantee that the virus would ever execute.
DeepLocker at least shows just how powerful neural networks can be when applied to one aspect of computer viruses.
How Would A Neural Network Virus Attack?
The answer on how a neural network virus would attack is a pretty boring one. Like with encryption, a random attack is not reliable enough. A neural network that propagates in the described way could be used to deliver pretty much any payload, which will then spread widely with a chance that it could be very difficult to stop. This raises a more interesting question. Who the hell would make this thing?
The answer, if historical malware is any indication, is large governments seeking to perform intelligence operations. Other typical virus authors, like extortionists and anarchists, although they would have use for such software, probably would not have the resources to develop such a thing.
However, once it was released into the wild, it would eventually be “captured” and modified. This means that evolving viruses that delete files en masse or hold files ransom could be made.
Viability
What I’ve described is a complex system of not just one, but many neural networks. I’ve not fully fleshed out all of the ideas here. For example, how do you obfuscate the payload and other non-neural code to avoid detection? What mechanism would these things actually use for exchanging genes? If I were to answer these questions here, they would be even further into the realm of speculation than I’ve already gone, but anyone actually creating this software must find the answer on top of developing everything I’ve described.
Training such a system would be difficult. You would need to create networks of virtual machines or even release it in limited areas, making it limit itself to a certain IP range. It would take a long time to train using current technology as far as I know, but much work is being done to discover how to train networks faster. Evolution, compared to other methods, could prove to not be worthwhile at all for avoiding detection or finding new exploits.
I anticipate that some of these methods or similar could be used in computer viruses in the near future given the power of applying machine learning to just one aspect like with DeepLocker, but a virus that makes use of evolutionary neural networks to their fullest potential is probably far off. Computer security might advance faster than these ideas can become reality. As machine learning progresses even more, ideas outlined here could become quaint. I’ve tried to remain grounded in this article as much as I can, but the upper bound of a virus that makes use of machine learning is a thinking AI specifically crafted to maliciously attack computers and spread itself.
For now, the entire idea is hopefully a complete fiction.
