Google’s New Robocop AI Detects And Destroys Malware
Google seems to be achieving some success with machine learning. Its Robocop AI has considerably enhanced its detection capabilities by analyzing the behavior of malware.
Adrian Ludwig, head of Android security at Google, speaking at the Structure Security conference 2017 in San Francisco, stated that “Gradually, the learning system improved its game. Six months ago the software was only successfully flagging up five per cent of malware samples thrown at it. As of last week, that figure is now 55 per cent, meaning it’s now making a dent into Android infection rates by spotting and zapping nasties either on the Play store or on people’s gadgets, or both.”
Reporting on the conference and the Android Robocop AI, The Register commented: “Dead or alive, preferably dead, you’re coming with me.”
Providing more details on Robocop AI, Ludwig added that it has utilized the telemetry data that it had obtained from Android handset devices and used that for machine learning. The data probably included the apps that were installed on a system, those that were uninstalled, how the software worked, etc..,
Google Play services gather information about installed and uninstalled apps and their behavior and send the data to its server. The Android security lead did not share any in-depth details about the data collected.
Boost in Detection Capabilities
The AI team had successfully been able to increase the capabilities of the Robocop AI – from detection capabilities of about 5% six months ago to 55%. This is a significant development that boosts detection and elimination of malicious apps in the Playstore as well as malware on the devices.
Google Play Protect application works continuously to keep the device, data, and the apps safe. It periodically and automatically scans the device and apps. Google is continuously working on enhancing the prowess of this device to protect the Android device from malware. This application can automatically remove malicious apps from its Playstore.
Real-Time Behavioural Analysis
Some apps do not overtly display malicious behavior. It is only when they are active that their malicious intentions are observed. Such malware can only be detected through real-time behavioral analysis. Google’s Robocop AI holds promise to detect such behavior which is quite a different approach from antivirus solutions that block and remove malware based on its signatures (blacklisting).
Ludwig stated that just within a couple of months of the RobocopAI implementation, the percentage of malware infected Android users fell from 0.6% to 0.25%.
Real-time behavioral analysis is not an innovation at Google. It is already being used by a few robust endpoint security solutions. Google intends to further develop the RobocopAI as a robust security solution that detects, blocks and deletes malware based on their behavior in real-time.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.