In its ongoing quest to trap and kill Android malware, Google has, as usual, turned to machine learning – and is reporting some success.
Speaking at the Structure Security conference in San Francisco today, Adrian Ludwig, head of Android security, said the ads giant has trained systems using telemetry data from handsets – information such as which apps are installed and uninstalled, the behavior of the software, and so on, presumably.
These device statistics would, we imagine, be gathered from Google Play services, which pings the California mothership with telemetry from devices. Ludwig wasn't particularly precise about this data collection, funnily enough. Ultimately, the goal is to craft an AI system capable of automatically identifying and removing malware judging from code's behavior rather than its signatures.
Gradually, the learning system improved its game, Ludwig said: six months ago the software was only successfully flagging up five per cent of malware samples thrown at it. As of last week, that figure is now 55 per cent, meaning it's now making a dent into Android infection rates by spotting and zapping nasties either on the Play store or on people's gadgets, or both.
AI quickly cooks malware that AV software can't spotREAD MORE
Google's Play Protect system can highlight and remove any evil software discovered during scans of handhelds – presumably it could check with the Robocop AI back at base on whether or not a given app is naughty or nice. In addition to this, Google could use the AI to automatically weed malicious applications out of its Play store.
At the beginning of the year, we're told, about 0.6 per cent of Android's two billion user base was infected by malware. Ludwig said that figure was now 0.25 per cent, thanks to this AI software.
"When you ask where Android security was six years ago, it was nowhere near as good as desktop computing," Ludwig told the conference. "Now we've left desktop computers in the dust."
Google is, obviously, not the first to use AI for classifying malware. However, the internet goliath has a big advantage over other industry players due to the volume of data at its fingertips. Ludwig said Android users cover every country on Earth, and every socioeconomic class. We even found out today that Bill Gates is an Android user. That means there's a wealth of Android usage data flowing into Google from all corners of the planet, and all layers of society, that can be used to train the system on what bad apps look like.
Still, it requires human supervision. Every so often, software nasties slip past Google's code-checking systems and into the official Play store, for instance.
"Machine learning isn't pixie dust," Ludwig said. "You've got to have people reviewing and checking along the way. But it is making a major difference." ®