Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab in Israel have developed a new method for detecting malicious emails that is more effective than the top 60 antivirus engines on the market, according to a press release provided exclusively to TechRepublic.
Current email solutions use rule-based methods and don’t analyze other elements of the message, Nir Nissim, head of the Malware Lab at BGU, said in the release. Additionally, he said, “existing antivirus engines primarily use signature-based detection methods, and therefore are insufficient for detecting new, unknown malicious emails.”
Email-Sec-360°, the new method from BGU, instead relies on 100 email features to detect a malicious message, according to the release. Developed by Ph.D. student and researcher Aviad Cohen, the method is built on machine learning principles and operates without internet access, making it a useful solution for both individuals and businesses.
SEE: Information security incident reporting policy (Tech Pro Research)
To build out their detection model, the researchers used 33,142 emails (12,835 malicious and 20,307 benign), which they collected between 2013 and 2016, the release noted. Upon testing, researchers found that their method beat the next best solution by 13%.
“In future work, we are interested in extending our research and integrating analysis of attachments such as PDFs and Microsoft Office documents within Email-Sec-360°, since these are often used by hackers to get users to open and propagate viruses and malware,” Nissim said in the release. Nissim also noted that these methods have already been developed at the BGU Malware Lab.
Researchers at BGU’s Malware Lab are also working on an online portal where users could submit emails they think may be malicious and get a score on their potential maliciousness, the release noted. The system would use machine learning to do so, and offer the user recommendations on what they should do with the message in question. “In addition, the system would assist in collecting benign and malicious emails for research purposes which, due to privacy issues, is currently a very difficult task for researchers in this arena,” the release said.
To read the full research report from BGU, click here.
The big takeaways for tech leaders:
- A new malicious email detection system developed by BGU malware researchers outperforms the top 60 antivirus engines.
- Email-Sec-360°, developed by BGU Ph.D. student Aviad Cohen, uses 100 email features to detect potentially malicious messages.