Pierluigi Paganini February 27, 2020

Google revealed that the enhancements to its scanning system implemented in Gmail are boosting its detection capabilities.

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents.

The IT giant proudly announced that combining its existing machine learning models with other protections it was able to detect and block more than 99.9% of threats that attempt to target Gmail users.

The figures revealed by Google are awesome, the company declared that its malware scanner processes more than 300 billion attachments each week.

“Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing this, and in conjunction with our other protections, they help block more than 99.9% of threats from reaching Gmail inboxes.” reads the announcement published by Google.

Another interesting data shared by Google is that 63% of the threats blocked by Google differ from day to day, for this reason the company rolled out a new generation of document scanners that leveraged deep learning.The company also revealed that malicious documents represent 58% of the malware targeting Gmail users. 

According to Google, since the end of 2019, the use of the new scanners allowed to increase the daily detection of weaponized Office documents by 10%.

“Our technology is especially helpful at detecting adversarial, bursty attacks. In these cases, our new scanner has improved our detection rate by 150%. Under the hood, our new scanner uses a distinct TensorFlow deep-learning model trained with TFX (TensorFlow Extended) and a custom document analyzer for each file type.” continues the announcement.

The new scanner implements a distinct TensorFlow deep-learning model trained with TFX (TensorFlow Extended) and uses a distinct document analyzer for each file type. The analyzers are able to inspect the documents, search for common attack patterns, extract macros, de-obfuscate content, and extract features.

Google is focused on further improving its detection capabilities, its experts are still actively developing scanning technology that is currently used only to scan Office documents.

“Our new scanner runs in parallel with existing detection capabilities, all of which contribute to the final verdict of our decision engine to block a malicious document.” Google concludes. “Combining different scanners is one of the cornerstones of our defense-in-depth approach to help protect users and ensure our detection system is resilient to adversarial attacks,”

Pierluigi Paganini

(SecurityAffairs – Gmail, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]