Computers Have Found a Better Way to Spot Emailed Malware, Researchers Say
JULY 24, 2018
Somehow no one thought of applying machine learning to malicious email in exactly this way. But the results are big.
Look out, McAfee; the next big cybersecurity software could be coming out of Israel. A group of researchers from Ben-Gurion University has published a new method for detecting malicious emails that they say outperforms 60 top-selling anti-virus programs.
Most anti-virus engines examine specific parts of email, such as attached files, as they look for malicious code that could disrupt a user’s computer if it were executed. It’s kind of like checking someone’s carry-on for contraband. While that’s the most logical place for a border guard to look, it’s hardly the only place a smuggler might hide something. Current anti-virus software misses key areas in email that are increasingly likely to carry bad code.
“Existing email analysis solutions only analyze specific email elements using rule-based methods, and don’t analyze other important parts,” Nir Nissim, head of the David and Janet Polak Family Malware Lab at Cyber@BGU, said in a press release. For instance, the number and size of attachments is a typical giveaway of a suspicious email, as is the number of recipients, since most email attackers are seeking the largest number of potential victims. But those aren’t the only indicators.
Led by Aviad Cohen, a Ph.D. student and researcher at the BGU Malware Lab, the researchers took 33,142 emails, about one-third of which were malicious, and applied various machine-learning methodologies to find common indicators of bad email that popular virus-detecting software packages such as Kaspersky, McAfee, and BitDefender missed. They dubbed the resulting tool Email-Sec-360°.