Phish Finder: Can Machine Learning Identify a Phishing Attack? presented at CarolinaCon15 2019

by Scott Hefner

Summary: Phishing emails are one of the largest issues Cybersecurity professionals face today. An errant user clicking a malicious link can be all that is required for an attacker to gain a foothold inside a corporate network. As such, many Cybersecurity departments will review reported emails from employees to help them determine if they are legitimate or not. While a great service, this can be extremely time-consuming when employees submit large numbers of emails. To help minimize the load on our Detection team, our team has developed a machine learning email classification tool. Currently, our classifier extracts over 400 features from each individual email to allow it to identify emails that may require follow-up from an analyst. Equally important, this tool will identify emails that do not need analyst intervention and can be dispositioned accordingly. In this presentation we will also discuss our future plans to expand the classification tool to identify each of the 10 different Phishing email classifications (Phishing, Malicious, Spam, etc.) our Detection team uses.