E-mail is the traditional, primary, and most vital part of communication within business organizations. Emails hold minutes of important discussions, confidential documents as attachments, high-profile business contact details, and much more. Hence, hackers or intruders often use emails as a medium to deliver dangerous content to the victim via attachments or by providing links to malicious websites. Companies throughout the world make huge efforts to detect malicious content within their communication media by setting up robust antivirus firewalls.
But how secure are they? Many choose antivirus engines based on their popularity rather than their performance. The myth that famous antivirus packages give you the utmost security is now debunked by Email-sec-360°. According to Phys Org, it surpasses 60 other popular antivirus packages.
Email-sec-360° was developed by Aviad Cohen, a Ph.D. student and researcher at the Ben-Gurion University of the Negev (BGU) Malware Lab. It detects unknown, malicious emails much more accurately than popular antivirus products such as Kaspersky, McAfee, Avast, etc.
Present antivirus engines use rule-based methods to analyze specific email sections. These often overlook the other important parts of the email. Dr. Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, stated that the existing antivirus engines use signature-based detection methods. These methods are at times insufficient for detecting new and unknown malicious emails.
However, Email-sec-360° is based on machine learning methods and leverages 100 general descriptive features extracted from all email components, which include the header, body and attachments. Another interesting fact about this method is that it does not require internet access. Thus, it provides seamless threat detection in real time and can be easily deployed by any individual or organization.
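To make the idea of descriptive features drawn from the header, body and attachments concrete, here is an added example (not the BGU researchers' code) that computes a few such features fully offline with Python's standard library. The feature names, the `RISKY_EXT` list and the sample message are assumptions constructed for illustration; the article does not list the 100 features Email-sec-360° actually uses.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".vbs", ".docm", ".xlsm")  # assumed list

def _domain(value):  # lower-cased domain of an address header ('' if absent)
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def extract_features(raw: bytes) -> dict:
    """Return illustrative numeric features from header, body and attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    feats = {
        "hdr_received_hops": len(msg.get_all("Received", [])),
        "hdr_replyto_mismatch": int(bool(msg["Reply-To"])
                                    and _domain(msg["Reply-To"]) != _domain(msg["From"])),
        "hdr_missing_message_id": int(msg["Message-ID"] is None),
        "body_url_count": 0, "body_has_html": 0,
        "att_count": 0, "att_risky_ext": 0, "att_bytes": 0,
    }
    for part in msg.walk():  # multipart containers match neither branch below
        if part.is_attachment():
            name = (part.get_filename() or "").lower()
            feats["att_count"] += 1
            feats["att_risky_ext"] += int(name.endswith(RISKY_EXT))
            feats["att_bytes"] += len(part.get_payload(decode=True) or b"")
        elif part.get_content_maintype() == "text":
            text = part.get_content()
            feats["body_url_count"] += len(URL_RE.findall(text))
            feats["body_has_html"] |= int(part.get_content_subtype() == "html")
    return feats

# Constructed sample message (not taken from any real dataset)
SAMPLE = b"""\
Received: from mx.example.net by mail.example.org; Mon, 1 Jan 2024 00:00:00 +0000
From: Billing <billing@example.org>
Reply-To: billing@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://example.test/pay">Open invoice</a>
--b1
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

AAECAwQ=
--b1--
"""
```

A vector like the one returned by `extract_features(SAMPLE)` is what a classifier would be trained on, one row per email in a labelled corpus.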
The researchers used a collection of 33,142 emails, which included 12,835 malicious and 20,307 benign emails obtained between 2013 and 2016. Later, they compared their detection model to 60 industry-leading antivirus engines as well as previous research, and found that their system outperformed the next best antivirus engine, Cyren, by a 13 percent range.
BGU’s Malware Lab method vs the others
The BGU Malware Lab plans to extend this method by including research and analysis of attachments (PDFs and Microsoft Office documents) within Email-sec-360°. Dr. Nissim adds, “since these are often used by hackers to get users to open and propagate viruses and malware.” They are also planning to develop an online system that evaluates the security risk posed by an email message. This system will be based on advanced machine learning methods and would also allow users to submit suspicious email messages and quickly obtain a maliciousness score. The system will further recommend how to treat the email and would help to collect benign and malicious emails for research purposes.
Read more about Email-sec-360° in the Phys Org blog post