Title Įtartinų nuorodų elektroniniuose laiškuose aptikimo metodas
Translation of Title A method for detecting suspicious links in emails.
Authors Gilvydis, Paulius
Pages 67
Keywords [eng] email ; plugin ; malicious links ; machine learning ; random forest method
Abstract [eng] Although email technology is over 60 years old, it remains popular to this day due to its simplicity and versatility. It allows users to quickly and efficiently send messages and documents to remote recipients over the internet. The main threats to email are phishing, the distribution of malicious files, and the inclusion of harmful links in email messages. As technology evolves, such emails become increasingly convincing, making it harder to tell whether the content is malicious. During the analysis, several email plugins were found that analyze links within emails. However, only a few of them operated reliably and provided real benefit in protecting users from opening malicious links. Malicious links are most often detected using lexical or static analysis, checking links against blacklists, or applying machine learning models. Nevertheless, the scientific literature identifies the combination of all three analytical approaches as the most effective and accurate method for detecting malicious links. When comparing different machine learning methods, the most accurate results in identifying malicious links are achieved using the Random Forest method. In the implementation of the project, blacklists were used to quickly and accurately identify known threats. For detecting previously unknown malicious links, lexical and domain feature analysis was performed, enabling the prediction of link reliability based on predefined indicators. Link prediction was carried out using a trained machine learning model based on the Random Forest method. Using this approach, an accuracy of 97.41% was achieved. When presenting results to the email user regarding the safety of links in an email, it was decided to display not only the link’s status but also, in the case of detected malicious links, to list all malicious features identified. Listing these features aims not only to inform the email user about potentially harmful links but also to serve an educational purpose, teaching users how to independently recognize potentially malicious content.
Dissertation Institution Kauno technologijos universitetas.
Type Master thesis
Language Lithuanian
Publication date 2025