Skip to main content

Google uses AI to crush malware hiding in Gmail attachments

(Image credit: Jeramey Lende/Shutterstock)

Be gone, malware! Google — tapping into deep-learning models — is making moves to impede malicious attachments from landing in the inboxes of unsuspecting Gmail users.

Malicious documents represent a whopping 58% of Gmail malware, 56% are Microsoft Office documents and 2% are PDFs, Google wrote in a recent blog post.

"To stay ahead of this constantly evolving threat, we recently added a new generation of document scanners that rely on deep learning to improve our detection capabilities," Google added.

The tech giant claimed that the new scanner, which was launched at the end of 2019, increased its daily detection rate by 150% when it comes to severe, "adversarial" attacks. For malware-ridden Office documents, the daily detection rate increased by 10%. 

That 10% figure may seem minuscule, but given the massive scale that Google is working on, it's a significant improvement. 

"Ten percent matters," Google's security and anti-abuse research lead Elie Bursztein told Wired. "We're trying to close the gap as much as possible."

Bursztein added that companies and nonprofits are three times more susceptible to malicious attacks than other organizations while government institutions are five times more likely to be the target of malware. 

The model Google uses for its scanner is TensorFlow — a machine-learning framework — that's trained with TensorFlow Extended (TFX). The scanner also uses a custom document analyzer for each file type.

"The document analyzers are responsible for parsing the document, identifying common attack patterns, extracting macros, deobfuscating content and performing feature extraction," Google said.

In conjunction with previous systems put in place to thwart incoming mail against spam, phishing and malware, Google claimed that the new machine-learning model with help Gmail inboxes combat against 99.9% of malicious threats.

Google plans to share more details about its new security measure — and the success it's having — at the RSA security conference in San Francisco on March 4.