Heuristic analysis based on regular expressions
Definition of a heuristic method
A heuristic method in email security is an analysis technique that uses rules and algorithms to detect suspicious behavior in emails. It focuses on threat characteristics and indicators, rather than on known virus or malware signatures.
Why use heuristic analysis in email security?
The purpose of heuristic analysis in email security is to detect new or unknown threats that cannot be detected by traditional methods. Heuristic analysis can be used to identify different types of threat, such as phishing attacks, malware, spam, denial-of-service attacks, etc.
How does heuristic email security analysis work?
An email security heuristic analysis works by using rules and algorithms to detect suspicious behaviour in emails. It can identify patterns such as suspicious links or attachments, malicious email addresses, messages containing specific keywords or phrases, and so on. Heuristic analysis can be enhanced by using artificial intelligence techniques to analyse patterns of behaviour. Heuristic methods in email security can be enhanced by artificial intelligence techniques to analyse patterns of user and attacker behaviour. The patterns identified can then be used to detect potential threats and improve detection efficiency.
Why choose the heuristic method for email security?
The heuristic method is often chosen in email security because it is effective in detecting new or unknown threats that cannot be detected by traditional methods. It also reduces the risk of email security being compromised, which can have a negative impact on businesses and users.
How long does a heuristic email security analysis take?
The duration of an email security heuristic analysis depends on the complexity of the problem to be solved or the threat to be detected. It can vary from a few seconds to several minutes or hours. However, heuristic analyses are often designed to be fast and effective, as they are used to detect threats in real time.
A heuristic analysis is a set of rules represented in the form of regular expressions. It is used to search for emails whose headers and bodies correspond to very specific characteristics known to have a high probability of being spam. Altospam uses a database of over 3,000 rules to identify spam in French and English.
Examples
/\b(dollard?s?|(e|€)uros?|pound|USD|sterling)\b/
In the example above, we are looking for the presence of single keywords specifying a currency. Plurals are provided for, as well as the use of the € symbol in place of the ‘e’ in ‘euro’.
Applications
In the classic case of ‘Viagra’, it is much more interesting to detect the presence of the word Viagra deliberately misspelled (for example: ‘V|agra’), rather than the actual term, which may well be used in an everyday discussion between pharmacists.
Email is the main vector for a cyber attack
New and increasingly sophisticated attacks are being launched around the world every day. Our solution detects and neutralises phishing, spear-phishing, malware, ransomware and spam threats in real time.