Serverless Machine Learning for Phishing

Scott Rodgers

Phishing emails are one of the largest issues cybersecurity professionals face today. An errant user clicking a malicious link can be all that is required for an attacker to gain a foothold inside a corporate network. As such, many cybersecurity departments review emails reported by employees to help them determine whether they are legitimate. While a great service, this can be extremely time-consuming when employees submit large numbers of emails. To help minimize the load on our Detection team, we have developed a machine learning email classification tool. Currently, our classifier extracts over 400 features from each individual email to identify emails that may require follow-up from an analyst. It produces a likelihood score and a recommended classification (Phishing, Spam, Legitimate, etc.) to inform analysts and to automatically disposition low-risk emails. We will discuss how to implement the model in production using serverless deployment with REST API triggers.