The project's goal is to detect anomalous dynamic behavior in deployed Android devices. Modern event-driven systems (e.g. Android OS) often suffer from transient performance issues usually due to an unpredictable resource contention (e.g. multiple callbacks are executed concurrently in the presence of external interrupts).
The current prototype uses an LSTM network that monitors the internal state of multiple Android components (e.g. system services, drivers) for abnormal behavior. The neural net comprises of multiple stacked LSTM layers and an output fully connected layer. It raises an alert if the distance between the LSTM’s prediction and the actual event is higher than a threshold. In the initial testing, the LSTM network was able to find an incorrect configuration of a fingerprint sensor in commercial Android phones which slowed down phones in the field under specific finger-positions that went undetected in an internal testing. Interestingly, the LSTM network not only flawlessly pinpointed the Android/Linux process causing issues but also found processes affected by this bug. In comparison to traditional debugging of the same issue, which took weeks, it took the LSTM net only a few seconds to find a buggy component in the system.
We are currently evaluating this framework at scale across hundreds of Android phones.