Zero-day malicious email investigation and detection using features with deep-learning approach

Abstract

Cyber hackers use email as a tool to trick, inject or drop malicious software into the recipient’s device. Everyday users have to face off against, phishing or malicious emails and it would be a huge problem for whole organizations even if only one user clicked on a single link from this malicious email. The difficult issue is how to classify and detect those malicious emails from ordinary, especially spear phishing emails, which are designed for a particular target, or zero-day malicious emails that no one has ever found until now. In this paper, we introduce a way to classify and detect zero-day malicious emails by using deep-learning with data investigated from the email header and body itself, combined with dynamic analysis information as a group of features. Four different language email datasets can be used to train and test the system to simulate real-world diversity and zero-day malicious email attack situations. We succeeded in obtaining a satisfactory accuracy rate for detection results for both zero-day malicious email types and normal spam.