AI Research

SophosAI at Virus Bulletin ’24: Using multimodal AI as a “sixth sense” for cyber defense

Sophos' Younghoo Lee will present his research on the use of AI to analyze both text and image data to classify spam, phishing, and unsafe web content in Dublin.

At this week’s Virus Bulletin 2024 conference in Dublin, Ireland, Sophos principal data scientist Younghoo Lee will present a paper on SophosAI’s research into applying large language model (LLM) artificial intelligence to the complex problem of email and web content classification. Lee’s presentation will detail the use of “multimodal” AI—using models to examine both the text and images in email and web content to classify the content as benign, unwanted or harmful.

In his paper, “Multimodal AI: The Sixth Sense for Cyber Defence,” Lee explains that adversaries can use generative AI to create convincing phishing emails and websites, as demonstrated in SophosAI’s “Scampaign” research published last year. Additionally, traditional machine learning approaches to phishing and spam detection built with training sets of existing malicious and unwanted (“spam”) content might miss new techniques that don’t match existing patterns.

However, the same technology SophosAI examined as a potential source of malicious email and web content can also be used to detect that kind of content, as well as to classify new web sites that have no existing reputation data. By using multimodal AI that looks at all aspects of content using LLMs­–models trained on massive datasets of Internet content—to analyze email headers, content, logos and images, it is possible to recognize new and previously unseen phishing emails and other malicious or unwanted content even without specific training data.

Lee’s presentation is at 11:30 AM local time on Friday, October 4. A full article on the research will be published following the presentation.