Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Anti-spam filter improvements with behavioural analysis

Network Box : 18 May, 2009  (New Product)
Network box has developed eMail Relationship Manager to increase spam detection rates through behavioural analysis modelling
A new system of fighting spam, that significantly improves the performance of spam filters, has been developed by managed security firm, Network Box. The system, eMail Relationship Manager, has shown in beta tests over the last four months to eradicate spam almost entirely - 99.5 per cent - rather than the 95-98 per cent effectiveness of most existing anti-spam systems. (Network Box sampled 10,000 spam emails. 'Traditional' anti-spam systems were found to let through around 200. eMail Relationship Manager would catch at least 150 of those 200.)

eMail Relationship Manager - developed and tested by Network Box's security analysts over the past 12 months - changes the way spam is currently classified, detected and treated by applying learning from user behaviour (as well as analysing an email's content, reputation and IP address). The system is due to be rolled out across all existing Network Box customers from 15 May.

Currently, spam protection has been applied using three main methods: analysis of the message content, the reputation of the sender; and challenge response, which works by putting the onus onto the email sender to accept a challenge from the recipient, to prove who they are. Today's anti-spam systems will rarely reach more than 95-98 per cent accuracy, which when you consider the amount of email sent, still lets through a significant number of spam emails. Challenge response systems used in isolation are notoriously unsuccessful, with as little as 40 per cent of genuine email getting through the system, as senders are reluctant to go through the challenge system.

The difference with Network Box's eMail Relationship Manager is that it analyses and learns from the behaviour of the sender and recipient of an email, to give a score to the email which is applied in addition to traditional anti-spam filter analysis. It works by:

Maintaining a central database to store existing email accounts managed by Network Box on behalf of the email recipient (so genuine email from addresses kept in a users address book will be white-listed, assuming their content passes the traditional filter analysis which naturally includes the reputation of the sender). This records and analyses historical information about the relationship in order to judge the likelihood of that email containing malware or unwanted content. The database can be queried and adjusted at any time by Network Box, the organisation's administrator, or the user. It is continually updated with every email passing through the system, and will challenge new behaviour, flagging up when a whitelisted email address changes its shape - for example, if a contact in Hong Kong suddenly starts sending emails from Russia.

All relationships are defined using a score based on sender + recipient + type analysis, and given a score based on the trust and strength of the relationship.

The system also learns from user behaviour. For example, if the email user A sends an email to email user B, then the system understands that user A trusts user B, and therefore will strengthen the score of trust in that relationship.

If an email relationship is scored as low, then there are number of options open to the system, depending on its configuration. It can quarantine the email and notify the recipient (it can be released with a single click from the recipient if required); challenge the sender to confirm their identity; or defer the email.

Simon Heron, Internet Security Analyst for Network Box says: "The volume and sophistication of spam email means that spam filtering needs to be continually enhanced to address the problem. Neither spam filters nor traditional challenge response systems are effective enough any more. Analysing relationships between email senders and recipients is currently a very effective way to combat spam."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo