Detection rate of adversarial attacks rises by 150%

Defense in depth approach improves malware detection over Gmail

Google has stepped up its efforts to apply machine learning techniques in order to further protect Gmail users from malicious documents.

During a presentation at the RSA Conference, Google’s Elie Bursztein explained how the tech giant detects threats throughout the Gmail ecosystem.

Gmail uses multiple detection approaches in order to weed out spam, phishing attempts, and malware from email messages.

A launch of a new scanner in 2019 has allowed Google to increase its “daily detection coverage of Office documents that contain malicious scripts by 10%,” Bursztein, who leads the company’s security and anti-abuse research team, said in a blog post ahead of his presentation in San Francisco.

The scanner, which applies a distinct TensorFlow deep learning model trained with TensorFlow Extended, has seen detection rate of adversarial attacks rise by 150%, Bursztein said.

This is partly due to the scanner’s custom document analyser that’s used for each file type, he said. Malicious documents blocked by Google vary by 63% each day, making this kind of defense necessary.

Malicious documents represent a significant part (58%) of the overall volume of malware targeting Gmail users – malicious Office documents alone account for 56% of total volume. By comparison, 2% of dodgy documents arrive in the form of malicious PDF attachments.

“Our new scanner runs in parallel with existing detection capabilities, all of which contribute to the final verdict of our decision engine to block a malicious document,” Bursztein said.

“Combining different scanners is one of the cornerstones of our defense-in-depth approach to help protect users and ensure our detection system is resilient to adversarial attacks.”

RELATED RSA Conference: Latin American cybercrime ecosystem exposed