Vade Secure has equipped its email security solutions with computer vision technology that utilizes artificial intelligence to block image-based phishing attacks.
Called the Computer Vision Engine and available now at no extra cost across Vade Secure’s product line, the new functionality can detect hidden threats embedded in logos, QR codes, and text-based images. Hackers are increasingly using such techniques to outfox content filtering software, including computer vision systems that rely on template matching or feature matching techniques, according to Adrien Gendre, the vendor’s chief solution architect.
“Essentially, the original image has a signature and the algorithm will only recognize images with the same signature,” he says. Vade’s technology, by contrast, focuses on the image itself rather than its underlying code.
“By analyzing the rendering instead of the code, Vade’s Computer Vision Engine can accurately detect logos and other images even when they’ve been modified from their original form and thus have a unique signature,” Gendre says.
According to Vade, the artificial intelligence behind the Computer Vision Engine, which is based on the VGG-16 and ResNet CNN object detection deep learning algorithms, allows it to inspect graphics the same way humans do.
“If I were to change the brightness or saturation of the Microsoft logo, you would still recognize it as the Microsoft logo,” Gendre says. “You’ve seen the Microsoft logo hundreds or thousands of times, so you have a good enough visual memory of the logo to recognize it even when it’s altered. That’s what our Computer Vision Engine does. It detects an image even when it’s not identical to the original, because it’s smart enough to recognize it even when it’s not an exact match.”
To further enhance the system’s effectiveness, Vade has armed it with a proprietary algorithm that combines predictions from its two core algorithms to render a final verdict. Additional proprietary technology in the system randomly modifies images and places them on different backgrounds to detect graphics not only in their original form but in similar but deliberately flawed versions as well.
The new functionality also draws on threat intelligence informed by data from the 600 million mailboxes Vade Secure protects at present. According to Gendre, the system outperformed the Google Vision API in benchmark tests of common phishing webpage renderings.
At present, the Computer Vision Engine is trained to recognize 66 logos across what Vade says are the 30 most impersonated brands, including Microsoft, PayPal, Netflix, Bank of America, and Facebook. “We will look to expand the number of supported logos over time, as other brands become more popular targets of cybercriminals,” Gendre says.
Image-based exploits are a relatively recent addition to the arsenal of techniques cybercriminals use to lure unsuspecting users into clicking malicious content in emails. According to Vade, for example, so-called “sextortion” messages initially utilized plain text when they started appearing in large numbers last summer. As email filters began adapting to the threat, however, attackers switched to using screenshots of plain text instead to avoid detection.
Vade’s email security solution for Office 365 and cloud-based solution for Microsoft Exchange, G Suite, and other environments both leverage the Computer Vision Engine now, as does the company’s Content Filter SDK for ISPs and telecommunication providers.
The Computer Vision Engine is the latest in a series of AI-powered technologies from Vade. Earlier examples include supervised machine learning models that evaluate over 40 URL and webpage attributes to spot phishing attacks in real time, anomaly detection and natural language processing code that scans for patterns and behaviors common in spear phishing emails, and the automated remediation capabilities Vade added to its email security solution for Microsoft Office 365 in July.
In June, Datto announced that it had embedded email security functionality developed and delivered in partnership with Vade into its cloud-to-cloud SaaS Protection.