High-precision detection of business email compromise
Who is this presentation for?
- Data scientists or analysts
Business email compromise (BEC) and employee impersonation have become one of the most costly cybersecurity threats, causing over $12 billion in reported losses. Impersonation emails take several forms: some ask for a wire transfer to the attacker’s account. Others lead the recipient to a link that compromises their credentials. Email security systems aren’t effective in detecting these attacks because the attacks don’t contain a clearly malicious payload and are personalized.
Lior Gavish breaks down BEC-Guard, a detector used at Barracuda that prevents BEC attacks in real time using supervised learning. BEC-Guard has been in production since July 2017 and is part of the Barracuda Sentinel email security product. BEC-Guard detects attacks by relying on statistics about historical email patterns, accessed via cloud email provider APIs. The two main challenges when designing BEC-Guard were the need to label millions of emails to train its classifiers and the need to train those classifiers properly when employee impersonation emails are very rare, which can bias the classification. Barracuda’s key insight was to split the classification problem into two parts: one analyzing the email header and the second applying natural language processing to detect phrases associated with BEC or suspicious links in the email body. BEC-Guard uses cloud email providers’ public APIs to automatically learn the historical communication patterns of each organization and to quarantine emails in real time. Barracuda evaluated BEC-Guard on a commercial dataset containing more than 4,000 attacks, and it achieved a precision of 98.2% and a false positive rate of less than one in five million emails.
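A minimal sketch of the header/body split described above, added here as an illustration and not BEC-Guard's or Barracuda's code. The sender history, the phrase list, the 5% threshold and all function names are constructed assumptions, and the suspicious-link path is left out; the point is that the body check only ever runs on the small set of emails the header check has already flagged.

```python
from collections import Counter, defaultdict
from email.utils import parseaddr

# Constructed sample history: From headers of past mail in one organization.
HISTORY = (["Dana Reyes <dana.reyes@example.com>"] * 40
           + ["Sam Ortiz <sam.ortiz@example.com>"] * 25)

# Assumed phrase list for illustration; a trained text model would replace it.
BEC_PHRASES = ("wire transfer", "are you at your desk", "urgent payment")


def build_profile(history):
    """Count how often each display name was seen with each address."""
    profile = defaultdict(Counter)
    for from_header in history:
        name, addr = parseaddr(from_header)
        profile[name.lower()][addr.lower()] += 1
    return profile


def header_suspicious(profile, from_header, min_share=0.05):
    """Stage 1: a known name arriving from an address it rarely or never used."""
    name, addr = parseaddr(from_header)
    seen = profile.get(name.lower())
    if not seen:  # name never seen before, so there is no one to impersonate
        return False
    share = seen[addr.lower()] / sum(seen.values())
    return share < min_share


def body_suspicious(body):
    """Stage 2: phrase match on whitespace-normalized, lower-cased body text."""
    text = " ".join(body.lower().split())
    return any(phrase in text for phrase in BEC_PHRASES)


def classify(profile, from_header, body):
    """Quarantine only when both stages agree; stage 2 sees stage-1 hits only."""
    if not header_suspicious(profile, from_header):
        return "deliver"
    return "quarantine" if body_suspicious(body) else "deliver"
```

Because the header stage discards almost all legitimate mail first, the body stage works on a far less imbalanced population than the full mail stream.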
Prerequisite knowledge
- A basic understanding of common ML models
- Familiarity with training ML models
What you'll learn
- Learn strategies to successfully label and classify imbalanced datasets with >100M objects and to codify vast amounts of historical data for use in real-time classification
- Understand an API-based analysis of historical and real-time communication data
Lior Gavish is a senior vice president of engineering at Barracuda, where he coleads the email security business. Lior developed AI solutions that were recognized by industry and academia, including a Distinguished Paper Award at USENIX Security 2019. Lior joined Barracuda through the acquisition of Sookasa, an Accel-backed startup where he was a cofounder and vice president of engineering. Previously, Lior led startup engineering teams building machine learning, web and mobile technologies. Lior holds a BSc and MSc in computer science from Tel-Aviv University and an MBA from Stanford University.