
More Effective E-mail Malware Detection


July 19, 2018

Homeland & Cyber Security

Tech Republic – Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab have developed a new method for detecting malicious e-mails that is more effective than the top 60 antivirus engines on the market.

“Current e-mail solutions use rule-based methods and don’t analyze other elements of the message,” says Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the Department of Industrial Engineering and Management.

“Existing antivirus engines primarily use signature-based detection methods and therefore are insufficient for detecting new, unknown malicious emails.”

Email-Sec-360°, the new method from BGU, leverages 100 general descriptive features extracted from all e-mail components, including header, body and attachments, to detect a malicious message. The research was published in the exclusive scientific journal Expert Systems with Applications.

Developed by Ph.D. student and researcher Aviad Cohen, the method is built on machine learning principles and operates without internet access, making it a useful solution for both individuals and businesses.

BGU method outperforms top antivirus engines

To build out their detection model, the researchers used 33,142 emails (12,835 malicious and 20,307 benign), which they collected between 2013 and 2016, the release noted. Upon testing, researchers found that their method outperformed the next best antivirus engine by 13 percent.

“In future work, we are interested in extending our research and integrating analysis of attachments, such as PDFs and Microsoft Office documents within Email-Sec-360°, since these are often used by hackers to get users to open and propagate viruses and malware,” says Dr. Nissim. He also noted that these methods have already been developed at the BGU Malware Lab.

Researchers at BGU’s Malware Lab are also working on an online portal where users could submit e-mails they think may be malicious and get a score on their potential maliciousness. The system would use machine learning to do so, and offer the user recommendations on what they should do with the message in question.

“In addition, the system would assist in collecting benign and malicious e-mails for research purposes which, due to privacy issues, is currently a very difficult task for researchers in this arena,” says Dr. Nissim.
