ZEPAD or the art of using AI to detect morphing SPAM campaigns in real time

ZEPAD or how we use AI to detect spam malware and phishing in real time

After having successfully integrated deep learning algorithms into the spam classification engine, our R & D team has gotten to a new challenge: Anomaly detection in email flows.

The idea is conceptually simple: By carefully looking at the global inbound flow of our infrastructure, we can detect when email surges happen. If we have a clue that some of this volume is not legitimate, then we have an early warning system on spammer and scammers activity.

This would be a simple if all-spam message from a campaign to be shared with such a "unpaid Invoice" subject line from the same email or IP address. The reality is that these days, malware campaigns are morphing as they go. Posts using different subject lines are different from the others. It can be said that it can not be said that it can not do that for thousands of messages per second. A machine certainly has the goal of identification identification poses a complex challenge.

A problem that we just solved with a branch of AI, called clustering. Advanced near real-time clustering techniques can be used to process large batches of messages. Clustering and Natural Language Processing (NLP) algorithms try to group together messages that share common traits. These traits obviously include the subject of information, but they also include the message of the message, the attachment, and the various message features that we may find. Feeding all this data to the clustering algorithm and using the right similarity Measures does the magic and THUS is born ZEPAD - The ZEROSPAM Email Anomaly Detection Pattern .

Of course, they are legitimate because they represent bulk emails being sent for good commercial reasons. Conversely, a lot of clusters are blocked which just confirms that we are doing our job. The jewel comes from the clusters that show a delivery rate between 10% and 90%. We just set an alarm for these thresholds and that's it!

Clustering is relatively expensive considering the time constraint for a quick feedback, so there is a practical limit to post batches size That can be handled purpose it ZEROSPAM Allows to detect spam and malware campaigns AS THEY RISE . To our knowledge, this is a key advance in threat intelligence and it allows us to proactively protect our customer base.


Above are two messages with different features, subject lines and body.
These were identified by the ZEPAD clustering technique as being part of the same campaign.

This is another example of how ZEROSPAM researchers and software engineers make good use of their resources and the best advancements in technology to provide a best of breed service.

';