05/11 (Thu.) 11:45 - 12:15
Using taint analysis to unravel the semantic of black-box programs against infinite variants of in-the-wild ransom attacks
Slides link
  • FORUM | Anti-Ransomware Forum
  • LOCATION | Taipei Nangang Exhibition Center, Hall 2 7F 701F
  • LEVEL | Intermediate
  • SESSION TYPE | Onsite
  • LANGUAGE | Chinese
  • SESSION TOPIC | Endpoint Detection & Response, APT, Ransomware

In the face of rapidly evolving ransomware attacks, major security vendors are promoting the ability of AI to identify and defeat malware in the wild - but is that true? Using AI technology against in-the-wild samples brings benefits, but also unavoidable limitations.

In this session, we will return to the semantics of execution and combine it with published research on symbolic execution to design a practical symbolic engine that can reverse-analyze over a thousand real in-the-wild ransomware samples and defeat over 95% of them! The source code of our engine will also be presented at the conference to help vendors understand and use a semantic-aware detection solution based on the symbolic engine, which can effectively combat highly variable, obfuscated samples.