Deep Learning to Find Malicious Email Attachments

2020-02-28 17:57

At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week.

It's challenging to tell the difference between legitimate documents in all their infinite variations and those that have specifically been manipulated to conceal something dangerous.

The document analyzer looks for common red flags, probes files if they have components that may have been purposefully obfuscated, and does other checks like examining macros - the tool in Microsoft Word documents that chains commands together in a series and is often used in attacks.

The volume of malicious documents that attackers send out varies widely day to day.

Bursztein says that since its deployment, the document scanner has been particularly good at flagging suspicious documents sent in bursts by malicious botnets or through other mass distribution methods.

News URL

https://www.schneier.com/blog/archives/2020/02/deep_learning_t.html

#email #deeplearning