Vade Secure, the global leader in predictive email defense, today unveiled its new Computer Vision Engine, a proprietary technology now available in all Vade Secure products that enhances phishing detection accuracy. Trained to view web pages and emails as humans see them, Vade’s Computer Vision Engine identifies brand logos, QR codes, and text-based images, thwarting phishing attacks designed to bypass content filtering technologies and even computer vision algorithms relying on template matching or feature matching.
“Cybercriminals are carrying out increasingly targeted and dynamic phishing attacks, going so far as changing every element of the code in order to evade detection,” said Sebastien Goutal, Chief Science Officer, Vade Secure. “Such attacks often contain thousands, even millions, of unique emails from a code point of view, but to the human eye, the messages appear identical. Vade’s Computer Vision Engine accurately detects common images in phishing attacks by analyzing the rendering instead of the code, adding another layer to our best-in-class AI-based threat detection capabilities.”
Vade’s Computer Vision Engine is based on the VGG-16 and ResNet CNN object detection deep learning algorithms. Through the process of Transfer Learning, these algorithms have been optimized specifically to detect common images in email threats using examples from Vade’s 600 million protected mailboxes. In addition, Vade has developed a proprietary algorithm that combines predictions from the two algorithms to render a final verdict that is leveraged in its multi-layered analysis for phishing detection.
The Vade Computer Vision Engine currently supports the following use cases:
- Brand logo detection – Cybercriminals subtly modify logos to fool template matching and feature matching algorithms while still being recognizable to humans. The Vade Computer Vision Engine has been trained to detect 66 logos across the 30 most impersonated brands, including Microsoft, PayPal, Netflix, Bank of America, and Facebook. The engine can also detect key product logos, such as Microsoft Office 365 and OneDrive.
- QR code detection – Cybercriminals often use QR codes in lieu of URLs in order to evade detection by URL scanning technologies. The engine can detect and blacklist QR codes, providing additional protection against this phishing technique.
- OCR for text-based images – To avoid detection by content filtering technologies, cybercriminals send image-only emails (e.g. sextortion scams that are screenshots of plain text emails). The Vade Computer Vision Engine leverages OCR capabilities to understand the text in images and block these threats.
Extending Vade’s Track Record of AI-Based Innovation
The Computer Vision Engine extends Vade Secure’s long track record of innovation in applying artificial intelligence in the fight against advanced email threats. Partners and customers currently benefit from the following AI-based capabilities:
- Supervised machine learning for phishing detection – Supervised machine learning models perform real-time analysis of the URL and webpage, evaluating more than 40 features (e.g. how the page and form are crafted, use of redirections and shorteners, obfuscation techniques, etc.) to determine whether it’s fraudulent.
- Anomaly detection and NLP for spear phishing detection – Anomaly detection and natural language processing (NLP) scan for patterns, anomalies, and behaviors common in spear phishing emails. If spear phishing is suspected, a customizable banner is displayed within the email alerting the user.
- AI-based auto-remediation – Leveraging a real-time view of emerging global threats from 600 million mailboxes, Vade’s AI engine learns from its mistakes and takes immediate action to remove any threats that have reached users’ inboxes. This capability is uniquely available in Vade Secure for Office 365 thanks to its native API integration.
Available in all Vade products
The Computer Vision Engine is leveraged by all Vade Secure products, including its native, API-based solution for Office 365; its cloud-based solution for Exchange, G Suite, and other environments; and its Content Filter SDK for ISPs and telcos. Vade will continue to develop the engine to support additional use cases.