Google's Adrian Ludwig, director of Android security, says computer security should manage risk so it can analyze the overall ecosystem and learn to spot potential vulnerabilities on the fly using deep neural networks.
Ludwig acknowledges Google does not currently possess a sufficient volume of Android problems to train its neural networks as fully as it would like.
Google's Sebastian Porst says his goal is to use a system called Bouncer to completely automate the identification of any vulnerable or malicious apps that might show up on an Android phone. Bouncer analyzes each app uploaded to the Google Play Store, seeking malicious or otherwise buggy code, and then runs each app to analyze behavior. It also plugs into the Google Web crawler to automatically scan Android apps uploaded to random websites, capturing and analyzing any unknown app downloaded to a certain number of phones. Porst says the app-related data gathered by Bouncer is fed into neural networks so the system can discover which combinations of characteristics signal malware.
Meanwhile, Google's Jon Larimer and colleagues are constructing a fuzz-testing system that looks for software holes by feeding random inputs, and can concurrently test numerous Android phones. Larimer says his team is investigating neural nets that can identify the structure of each file the system encounters to enable more rigorous testing.
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found