Researchers at the Ben-Gurion University of the Negev (BGU) Malware Lab have developed a new method to detect malicious emails that they claim is better than 60+ antivirus software available in the market today.
According to the researchers, almost all the antivirus solutions out there make sure of rule-base engine to detect malicious emails. Signature based detection has an inherent flaw wherein if a signature of a malware isn’t konwn, the antivirus software isn’t going to protect the users’s PC.
This method, called Email-Sec-360°, is based on machine learning methods and leverages 100 general descriptive features extracted from all email components, including the header, body and attachments. The methodology does not require internet access, so it can be deployed by individuals and organizations, and it provides enhanced threat detection in real time.
For their experiments, the researchers used a collection of 33,142 emails (12,835 malicious and 20,307 benign) obtained between 2013 and 2016. They compared their detection model to 60 industry-leading antivirus engines as well as previous research, and found their system outperformed the next best antivirus engine by 13 percent — significantly better than such products including Kaspersky, MacAfee and Avast.
The Malware Lab researchers are also considering developing an online system that evaluates the security risk posed by an email message. It would be based on advanced machine learning methods and allow users worldwide to submit suspicious email messages and instantly obtain a maliciousness score and a recommendation on how to treat the email. In addition, the system would assist in collecting benign and malicious emails for research purposes which, due to privacy issues, is currently a very difficult task for researchers in this arena.