Empowering Cybersecurity with AI-Driven Code Analysis in VirusTotal Code Insight

The world of cybersecurity is ever-changing, and the relentless pursuit of innovative solutions to combat threats and vulnerabilities is a constant. In the field of threat analysis, one of the most significant challenges is understanding and analyzing potentially malicious code.

To address this challenge, VirusTotal has unveiled a cutting-edge feature known as VirusTotal Code Insight, which leverages the power of artificial intelligence (AI) to produce natural language summaries of code snippets. In this article, we will explore the transformative potential of Code Insight and how it empowers security experts and analysts to detect and mitigate threats with unprecedented efficiency.

A New Approach to Code Analysis: AI-Powered Insights

Unveiled at the RSA Conference 2023, VirusTotal Code Insight is an innovative feature that takes code analysis to the next level. Powered by Google Cloud Security AI Workbench, this feature is designed to provide security experts and analysts with deeper insights into the purpose and operation of code under analysis, thereby enhancing their capability to detect and mitigate potential threats.

Traditionally, AI and machine learning (ML) have played a pivotal role in anti-malware and cybersecurity efforts, with a primary focus on classification tasks. However, recent advancements in large language models (LLMs) have expanded the capabilities of AI to include text generation and summarization. When trained on programming languages, these models possess the remarkable ability to transform code into natural language explanations. This ability to explain code with clarity and precision expedites malware analysis and bolsters a wide array of cybersecurity applications.

Code Insight is based on Sec-PaLM, one of the generative AI models hosted on Google Cloud AI. What sets Code Insight apart is its ability to generate natural language summaries from the perspective of an AI collaborator specialized in cybersecurity and malware analysis. This capability offers security professionals a powerful tool to decipher the intentions and behavior of code snippets.

Initially, Code Insight is deployed to analyze a subset of PowerShell files uploaded to VirusTotal. Files that are highly similar to those previously processed or excessively large are excluded, ensuring efficient use of analysis resources. VirusTotal plans to expand the list of supported file formats in the coming days, broadening the scope of Code Insight’s functionality.

Real-World Examples: Unveiling False Negatives and Clearing False Positives

Code Insight’s performance can be illustrated through authentic examples. In one case, a file detected by only three engines on VirusTotal as “PowerShell/PSW-Agent.U” and “HEUR.Trojan-PSW.Multi.Disco.gen” was analyzed by Code Insight, which provided a clear explanation of the file’s behavior. Code Insight conducts its analysis independently, relying solely on the content of the file being processed, without access to antivirus results or other metadata.

In another example, Code Insight helped identify a false negative—a case where malware designed to stealthily capture users’ credentials was not identified by any antivirus software on VirusTotal. In yet another example, Code Insight cleared a false positive by explaining that a file flagged as a trojan and malware by nine antivirus engines was actually a benign script that installs Postman CLI.

The integration of LLMs into code analysis tools has significantly improved the ability of security professionals to gain valuable insights into the structure and behavior of potentially malicious code, enhancing threat detection and response efficiency. It’s important to note, however, that the performance of the LLM model may vary on a case-by-case basis, and attackers may develop new evasive strategies, creating an ongoing competition between malware and AI-driven approaches.

Scaling Threat Analysis with VirusTotal Intelligence

One of the most significant advantages of VirusTotal’s Code Insight lies in its scalability. The analysis can be carried out by various AI models, each offering different levels of precision and depth. However, the true value of Code Insight lies in its ability to scale this analysis through the VirusTotal platform, enabling not only the examination of individual code samples but also the aggregation and use of results at scale via the VirusTotal Intelligence service.

VirusTotal Intelligence is an advanced service that allows security teams to swiftly and effectively scrutinize vast quantities of code and identify potential threats, thereby enhancing their efficiency and ultimately fortifying their security stance. The integration of Code Insight into VirusTotal Intelligence provides users with the ability to search for specific types of malware behavior, such as keyloggers, using search queries like “codeinsight:keylogger”.

For instance, VirusTotal Intelligence can identify several files that, according to the Code Insight report, record keystrokes and write them to a log file. By expanding the report for a specific file, security analysts can read a comprehensive analysis that explains the specific keylogger’s behavior. This level of detailed insight empowers security teams to detect and respond to threats proactively, ensuring that malicious actors are kept at bay and that sensitive data remains protected.
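As an added example (not code from VirusTotal or from this article), the following script shows how an analyst could run the "codeinsight:keylogger" search described above through the VirusTotal v3 Intelligence search endpoint, walk every cursor page, and keep only files whose Code Insight summary mentions keystroke capture. It assumes the v3 endpoint `/api/v3/intelligence/search` with `query`, `limit` and `cursor` parameters, a `meta.cursor` continuation token, and a file attribute named `crowdsourced_ai_results` holding the summary text under `analysis`; the sample pages are constructed data so the triage logic runs offline.

```python
import json
import urllib.parse
import urllib.request
from typing import Callable, Iterator, Optional

# Assumed v3 endpoint (not stated on the page); the fetcher below is only used for live runs.
VT_SEARCH = "https://www.virustotal.com/api/v3/intelligence/search"
Fetcher = Callable[[str, Optional[str]], dict]


def vt_fetcher(api_key: str) -> Fetcher:
    """Build an authenticated fetcher: one GET per result page."""
    def fetch(query: str, cursor: Optional[str]) -> dict:
        params = {"query": query, "limit": "20"}
        if cursor:
            params["cursor"] = cursor
        req = urllib.request.Request(f"{VT_SEARCH}?{urllib.parse.urlencode(params)}",
                                     headers={"x-apikey": api_key})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch


def code_insight_hits(query: str, fetch: Fetcher) -> Iterator[tuple[str, str]]:
    """Yield (sha256, Code Insight summary) for every file across all cursor pages."""
    cursor: Optional[str] = None
    while True:
        page = fetch(query, cursor)
        for obj in page.get("data", []):
            # "crowdsourced_ai_results" is the assumed attribute carrying the summary.
            for result in obj.get("attributes", {}).get("crowdsourced_ai_results", []):
                yield obj["id"], result.get("analysis", "")
        cursor = page.get("meta", {}).get("cursor")  # absent on the last page
        if not cursor:
            break


# Constructed sample pages standing in for the live API (example data only).
_SAMPLE_PAGES = {
    None: {"data": [{"id": "a" * 64, "attributes": {"crowdsourced_ai_results": [
              {"analysis": "The script records keystrokes and writes them to a log file."}]}}],
           "meta": {"cursor": "page2"}},
    "page2": {"data": [{"id": "b" * 64, "attributes": {"crowdsourced_ai_results": [
              {"analysis": "The script copies the clipboard contents to a file."}]}}],
              "meta": {}},
}


def sample_fetch(query: str, cursor: Optional[str]) -> dict:
    return _SAMPLE_PAGES[cursor]


def keylogger_candidates(fetch: Fetcher = sample_fetch) -> list[tuple[str, str]]:
    """Refine the search result: keep files whose summary explicitly mentions keystrokes."""
    return [(sha, text) for sha, text in code_insight_hits("codeinsight:keylogger", fetch)
            if "keystroke" in text.lower()]
```

For a live run, pass `vt_fetcher("<your API key>")` to `keylogger_candidates`; the summary text is then the same Code Insight report an analyst would expand in the web interface.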

The Future of Cybersecurity: Continuous Innovation

As cybersecurity threats evolve and become more sophisticated, the need for innovative solutions that can stay ahead of emerging challenges is paramount. VirusTotal Code Insight represents a significant step forward in this regard, and the company is committed to refining and expanding the capabilities of this feature and other cutting-edge tools.

The integration of AI and LLMs into cybersecurity practices opens up new possibilities for understanding, analyzing, and mitigating threats. As we continue to push the boundaries of what is possible in the field of cybersecurity, we can expect to see even more advanced and effective tools that harness the power of AI to enhance threat detection and response.