In its ongoing quest to trap and kill Android malware,
Google has, as usual, turned to machine learning – and is reporting some
success.
Speaking at the Structure Security conference in San
Francisco today, Adrian Ludwig, head of Android security, said the ads giant
has trained systems using telemetry data from handsets – information such as
which apps are installed and uninstalled, the behavior of the software, and so
on, presumably.
These device statistics would, we imagine, be gathered from
Google Play services, which pings the California mothership with telemetry from
devices. Ludwig wasn't particularly precise about this data collection, funnily
enough. Ultimately, the goal is to craft an AI system capable of automatically
identifying and removing malware judging from code's behavior rather than its
signatures.
Gradually, the learning system improved its game, Ludwig
said: six months ago the software was only successfully flagging up five per
cent of malware samples thrown at it. As of last week, that figure is now 55
per cent, meaning it's now making a dent into Android infection rates by
spotting and zapping nasties either on the Play store or on people's gadgets,
or both.
Google's Play Protect system can highlight and remove any
evil software discovered during scans of handhelds – presumably it could check
with the Robocop AI back at base on whether or not a given app is naughty or
nice. In addition to this, Google could use the AI to automatically weed
malicious applications out of its Play store.
At the beginning of the year, we're told, about 0.6 per cent
of Android's two billion user base was infected by malware. Ludwig said that
figure was now 0.25 per cent, thanks to this AI software.
"When you ask where Android security was six years ago,
it was nowhere near as good as desktop computing," Ludwig told the
conference. "Now we've left desktop computers in the dust."
Google is, obviously, not the first to use AI for
classifying malware. However, the internet goliath has a big advantage over
other industry players due to the volume of data at its fingertips. Ludwig said
Android users cover every country on Earth, and every socioeconomic class. We
even found out today that Bill Gates is an Android user. That means there's a
wealth of Android usage data flowing into Google from all corners of the
planet, and all layers of society, that can be used to train the system on what
bad apps look like.
Still, it requires human supervision. Every so often,
software nasties slip past Google's code-checking systems and into the official
Play store, for instance.
"Machine learning isn't pixie dust," Ludwig said.
"You've got to have people reviewing and checking along the way. But it is
making a major difference."
