Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab have developed a new method for detecting malicious emails that is more effective than the top 60 antivirus engines on the market.
“Current e-mail solutions use rule-based methods and don’t analyze other elements of the message,” said Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, and a member of the Department of Industrial Engineering and Management. “Existing antivirus engines primarily use signature-based detection methods and therefore are insufficient for detecting new, unknown malicious emails.”
Email-Sec-360, the new method from BGU, leverages 100 general descriptive features extracted from all email components, including header, body and attachments, to detect a malicious message. The research was published in the scientific journal Expert Systems with Applications.
AABGU notes that the method, developed by Ph.D. student and researcher Aviad Cohen, is built on machine learning principles and operates without internet access, making it a useful solution for both individuals and businesses.
To build their detection model, the researchers used 33,142 emails (12,835 malicious and 20,307 benign), which they collected between 2013 and 2016, the release noted. Upon testing, the researchers found that their method outperformed the next best antivirus engine by 13 percent.
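The feature-extraction step described above, as an added example that is not the BGU team's code and does not reproduce their 100 features: it parses one raw message with Python's standard email library and derives a few illustrative descriptive features from the header, body and attachments, the three components the article names. The feature names, the constructed sample message and the RISKY_EXTENSIONS list are assumptions for illustration only.

```python
import email.policy, os, re
from email.utils import getaddresses, parseaddr

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumed: attachment types worth flagging (illustrative, not the paper's feature list)
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".docm", ".xlsm"}

def extract_features(raw: bytes) -> dict:
    """Descriptive features from one raw email's header, body and attachments."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    # Header: relay hops, a Reply-To that differs from the sender, recipient fan-out
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    to_cc = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    # Body: take the HTML part if there is one, else plain text; count embedded URLs
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    # Attachments: count them and flag any extension listed in RISKY_EXTENSIONS
    attachments = list(msg.iter_attachments())
    exts = {os.path.splitext(a.get_filename() or "")[1].lower() for a in attachments}
    return {
        "received_hops": len(msg.get_all("Received", [])),
        "reply_to_differs": float(bool(reply_to) and reply_to != sender),
        "recipient_count": len(getaddresses(to_cc)),
        "url_count": len(URL_RE.findall(text)),
        "has_html": float(body is not None and body.get_content_type() == "text/html"),
        "attachment_count": len(attachments),
        "risky_attachment": float(bool(exts & RISKY_EXTENSIONS)),
    }

# Constructed sample (not real mail): mismatched Reply-To, two URLs, a .js attachment
SAMPLE_EML = b"""From: Billing <billing@example.com>
Reply-To: billing-desk@example.net
To: alice@example.org, bob@example.org
Received: from relay.example.net by mail.example.org; Mon, 2 Jul 2018 10:00:00 +0000
Content-Type: multipart/mixed; boundary="BND"

--BND
Content-Type: text/plain; charset="utf-8"

See http://example.com/invoice or http://example.net/pay before Friday.
--BND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.js"

var x = 1;
--BND--
"""
```

A trained classifier would consume these values as a fixed-order numeric vector; the dictionary keeps the features readable for the reader.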
“In future work, we are interested in extending our research and integrating analysis of attachments, such as PDFs and Microsoft Office documents within Email-Sec-360°, since these are often used by hackers to get users to open and propagate viruses and malware,” Dr. Nissim said. He also noted that these methods have already been developed at the BGU Malware Lab.
Researchers at BGU’s Malware Lab are also working on an online portal where users could submit e-mails they think may be malicious and get a score on their potential maliciousness. The system would use machine learning to do so, and offer the user recommendations on what they should do with the message in question.
“In addition, the system would assist in collecting benign and malicious e-mails for research purposes which, due to privacy issues, is currently a very difficult task for researchers in this arena,” Dr. Nissim said.
— Read more in Conner Forrest, “New email malware detection can outperform the top 60 antivirus engines,” TechRepublic (18 July 2018)