Email Malware Detector Can Outperform the Top 60 Antivirus Engines

by Conner Forrest, TechRepublic

Researchers in the Malware Laboratory of Ben-Gurion University of the Negev (BGU) in Israel have developed a method for detecting malicious emails which they say is more effective than the top 60 antivirus engines on the market. Current email solutions use rule-based methods and don’t analyze other elements of the message, Nir Nissim, head of the Malware Lab at BGU, said in the release. Additionally, he said, “existing antivirus engines primarily use signature-based detection methods, and therefore are insufficient for detecting new, unknown malicious emails.”

The new Email-Sec-360° system is built on machine learning principles and operates without Internet access; it relies on 100 email features to detect a malicious message. The researchers built the detection model using 12,835 malicious emails and 20,307 benign emails, collected between 2013 and 2016.

During testing, the researchers found the system beat the next-best solution by 13%. BGU’s Nir Nissim says the researchers hope to extend their research by “integrating analysis of attachments such as PDFs and Microsoft Office documents within Email-Sec-360°, since these are often used by hackers to get users to open and propagate viruses and malware.”
