Signature-based malware detection not as good as AI, says ICIT paper

Signature and behavioural based anti-malware are no match for next generation adversaries who use mutating hashes, sophisticated obfuscation mechanisms, self-propagating malware and intelligent malware components, according to the findings of a new report. The report, published by the Institute for Critical Infrastructure Technology (ICIT), said that it is "no longer enough" to detect and respond to cyber-attacks and that artificial intelligence (AI) is necessary to offer the predictive quality that can give organisations a "much-needed edge on their more sophisticated, less burdened, and more evasive adversaries". The research paper, titled Signature Based Malware Detection is Dead, said that the average data breach costs $158 per stolen record, and is often undetected for 229 days. In some organisations, especially ones containing critical infrastructure, feature layers of incompatible technologies are "Frankensteined" together in a haphazard attempt at nominally meeting security standards. "Any unused technology in every layer exponentially increases cyber-security noise and could result in exploitable security vulnerabilities. Meanwhile, C-level executives suffer from security solution fatigue as the result of incessant product evaluations, investments, and failures," the paper said.