NEWS
Artificial intelligence could soon be used in the battle against phishing fraud emails.
From next year, security researchers hope to begin rolling out a system that uses machine learning to spot fraudulent emails, much in the same way as a human being would.
US security company Symantec, German research organisation Fraunhofer-Gesellschaft, ISP Tiscali and their partners have pooled their expertise on machine learning, image recognition, text extraction and security to build the EC-funded system, in development since 2006.
A prototype is being fed samples from the vast store of phishing emails that Symantec collects, to learn the fraudulent emails' telltale characteristics.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Director of Symantec Research Labs Europe Marc Dacier said: "The idea is to have a machine that is able to figure out what is a phishing message by offering it a bunch of samples.
"We have developed various new technologies. It learns from factors such as the frequency of certain words, the language used, the use of pictures or the presence of certain URLs.
"Then you do not need to have rules anymore, to have to say 'if it contains this string then it is a phishing message', you have a system that is completely automated.
"We are in the process of validating a prototype that we have built, we want to validate that this technique is possible."
The software could help security researchers in identifying the latest phishing scams from "honeypot" accounts, online PCs spread across the globe that gather fraudulent and spam messages.
Comments
There is 1 comment. Join the discussion
1. Roger Huffadine
Doomed to failure - why not use humans to spot Phishing?
Artificial Intelligence relies on the quality of the inference engine and the selection of data that is used to prime the system.
We already have e-mail filters that block my e-mails if I sign them Rxx [as in Roger xx] - These AI systems will be cracked in days by the people who write the phishing systems.
One simple way would be to pollute the AI system by feeding it a pre planned sequence of phishes over a period of several weeks that appear to follow a particular algorithm - but - that algorithm is specifically designed to produce a 'blind spot' in the AI knowledge. Its too easy to believe that criminals are stupid because the only criminals that we see are those who get caught.