By Nick Heath
Tuesday, October 14 2008 11:52 AM
URL: http://www.zdnetasia.com/news/security/0,39044215,62047137,00.htm

Artificial intelligence could soon be used in the battle against phishing fraud e-mail messages.

From next year, security researchers hope to begin rolling out a system that uses machine learning to spot fraudulent e-mail messages, much in the same way as a human being would.

U.S. security company Symantec, German research organization Fraunhofer-Gesellschaft, ISP Tiscali and their partners have pooled their expertise on machine learning, image recognition, text extraction and security to build the EC-funded system, in development since 2006.

A prototype is being fed samples from the vast store of phishing e-mail messages that Symantec collects, to learn the fraudulent e-mail messages' telltale characteristics.

Director of Symantec Research Labs Europe Marc Dacier said: "The idea is to have a machine that is able to figure out what is a phishing message by offering it a bunch of samples.

"We have developed various new technologies. It learns from factors such as the frequency of certain words, the language used, the use of pictures or the presence of certain URLs.

"Then you do not need to have rules anymore, to have to say 'if it contains this string then it is a phishing message', you have a system that is completely automated."

"We are in the process of validating a prototype that we have built, we want to validate that this technique is possible."

The software could help security researchers in identifying the latest phishing scams from "honeypot" accounts, online PCs spread across the globe that gather fraudulent and spam messages.

Nick Heath of Silicon.com reported from London.