

Title:
CYBER SECURITY SYSTEM
Document Type and Number:
WIPO Patent Application WO/2020/081027
Kind Code:
A1
Abstract:
The invention is related to a cyber security system which aims to prevent users and institutions being hacked via harmful e-mails. The two main components of the system are the application that is to be formed as an add-in to the mail boxes that the users have in order for the mails received by users to be analyzed, and the interface which enables for the e-mail information received by the users to be checked by the cyber security team of the institution.

Inventors:
DOĞAN RECEP (TR)
Application Number:
PCT/TR2019/050188
Publication Date:
April 23, 2020
Filing Date:
March 25, 2019
Assignee:
DOGAN RECEP (TR)
International Classes:
H04L29/06; G06N3/08
Foreign References:
US9154514B1      2015-10-06
US10187407B1     2019-01-22
US20160057167A1  2016-02-25
US20150365369A1  2015-12-17
US20060101120A1  2006-05-11
US20140298460A1  2014-10-02
US20070192855A1  2007-08-16
Attorney, Agent or Firm:
YALCINER, Ugur G. (YALCINER PATENT & CONSULTING LTD.) (TR)
Claims:
CLAIMS

1. A cyber security system which aims to prevent users and institutions from being hacked via harmful e-mails, characterized by comprising:

• An Interface which has been formed in order to provide the management of information belonging to the e-mails that may be harmful and the management of information from a single point instead of the mail box of each user, which enables the determination of users whose e-mail accounts have been compromised, the detection of whether an e-mail is harmful or not according to the result of artificial intelligence, the enquiry of e-mail information of users, and the creation of rules, which analyzes the previous phishing attacks and which enables the e-mail information submitted to the users to be controlled by the security team of the institution,

• Application means formed as an add-in to the mail box of users in order to analyze the mail received by the users, which provides a warning on the mail box to the users according to the rules to be created and the result obtained by artificial intelligence and which enables to determine if the e-mail is harmful or not as a result of submitting the features obtained from the e-mail to the trained artificial intelligence, and which allows the e-mail to be submitted to the interface if the users notice a harmful e-mail.

2. An operation method of the cyber security system characterized by comprising the following process steps;

• Automatically analysing the e-mail, if an e-mail is received externally from outside the institution by users who have installed the Application component,

• generating features which form the result of the artificial intelligence and which are used in order to detect if the e-mail is harmful or not by means of the information obtained as a result of the examination,

• Determining if the e-mail is harmful or not according to the trained artificial intelligence using features on the Application,

• Creating rules by correlating data submitted from the Application in order to create alerts on the interface, in accordance with the requirement of security team of the institution,

• Creating a warning via the Application on the mailbox, for the users according to the result of the artificial intelligence and the rules to be created,

• Taking action regarding harmful e-mails,

• Submitting information of the mail received by the users to the Interface in order for said information to be checked by the security team of the institution if the users have clicked on the warning,

• Submitting of suspicious e-mails in order for them to be checked by the security team of the institution by clicking on the button on the application in the case that users are suspicious of such e-mails that were not detected to be harmful by the artificial intelligence,

• Carrying out queries, reporting, creating of rules, entering of definitions and performing Security analysis regarding the e-mail information submitted by the user

• Taking actions regarding said e-mails.

Description:
CYBER SECURITY SYSTEM

TECHNICAL FIELD

The invention is related to a cyber security system which aims to prevent users and institutions being hacked via harmful e-mails.

KNOWN STATE OF THE ART

Nowadays institutions are carrying out studies to increase the awareness levels of employees by giving training against harmful e-mails and by sending them phishing e-mails which do not contain harmful content. The method that is presently being applied is dependent on the awareness of users against phishing attacks. In this case, when harmful e-mails escape the attention of users, institutions cannot avoid phishing attacks. Therefore it is impossible to automatically prevent or detect phishing attacks.

BRIEF DESCRIPTION OF THE INVENTION

The present invention has been developed in order to eliminate the disadvantages mentioned above and is related to a cyber security system in order to provide new advantages to the related technical field. This system shall be referred to as OLTA.

The aim of the invention is to determine phishing e-mails by means of the OLTA application without the need to depend on the awareness levels of users.

Another aim of the invention is to ensure that even users who do not know anything about cyber security are helped, by informing them instantly of harmful e-mails using OLTA and by taking the necessary action to eliminate such e-mails, with harmful e-mails being detected without the need for the user's awareness.

Another aim of the invention is to allow automatic security checks of e-mails received by users instead of manual checking, and to determine if the received e-mail is harmful or not by using artificial intelligence trained with mail samples that have been used in real phishing attacks.

DETAILED DESCRIPTION OF THE INVENTION

The novelty of the invention has been described with examples that shall not limit the scope of the invention and which have been intended to only clarify the subject matter of the invention.

The cyber security system subject to the invention is basically formed of 2 components. These components are the Application, which is formed as an add-in to the mail boxes of the users in order for the mails received by users to be analyzed, and the Interface, which enables the e-mail information received by the users to be checked by the cyber security team of the institution. OLTA, the subject of the invention, enables the following:

• Warning users automatically against phishing attacks,

• Detecting harmful e-mails using Artificial intelligence algorithm that has been trained using e-mails subject to real phishing attacks in the past,

• Checking if the user has previously received an e-mail from the sender address that has sent the e-mail within a certain period of time,

• Sending the phishing e-mail to the interface via the Application if the user notices the phishing e-mail,

• Querying information of the e-mails belonging to the users on the interface (sender, country, IP, query of attachments and links),

• Creating rules on the interface and identifying potentially compromised e-mail accounts on the Interface,

• Entering and identifying indicators of previously used phishing attacks into the Interface and checking whether similar attacks have been carried out in an institution using OLTA,

• Cyber Security analysis of previously used phishing attack examples,

• Carrying out test phishing attacks in order to increase the awareness of users, using exemplary templates.

Artificial Intelligence Algorithm

In order for the artificial intelligence to produce successful results, the features that are used for the training of the artificial intelligence need to be highly determinative.

Features that are established as the result of artificial intelligence

These features are derived from the e-mails that have been received. It is determined if the e-mail is harmful or not by providing these features to the artificial intelligence algorithm. (Example: feed-forward back-propagation algorithm, etc.)

The Interface supports processes such as managing information related to e-mails sent to employees of an institution over a single interface, enabling the cyber security staff of institutions to carry out quick queries through an interface built on big data applications and to rapidly acquire information regarding harmful e-mails, and carrying out procedures such as rule creation, application management and the definition of sample phishing scenarios in order to increase the awareness of users against phishing attacks.

The security teams that are using the application can create rules according to their needs. A few examples have been given below.

Example 1: Create a warning if 10 users have received suspicious e-mails in 5 minutes.

Example 2: Create a warning if 1 user has received 10 suspicious e-mails in 30 days.

Example 3: Create a warning if a suspicious e-mail is received at an e-mail address that is externally disclosed.
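The three example rules above can be expressed as sliding-window correlation over the stream of suspicious-e-mail reports. The following is an added illustration, not code from the patent; the function names, event format, alert suppression behaviour and sample addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def evaluate_rules(events, disclosed, n_users=10, burst=timedelta(minutes=5),
                   n_mails=10, span=timedelta(days=30)):
    """Return (timestamp, rule, subject) alerts for time-sorted events.

    Each event is (timestamp, recipient) for one e-mail flagged as suspicious."""
    alerts, active = [], set()      # active: conditions currently true (no repeats)
    recent = deque()                # events inside the Example 1 window
    per_user = defaultdict(deque)   # recipient -> timestamps inside the Example 2 window

    def fire(key, ts, rule, subject, condition):
        # Alert once when a condition becomes true; re-arm when it clears.
        if condition and key not in active:
            alerts.append((ts, rule, subject))
            active.add(key)
        elif not condition:
            active.discard(key)

    for ts, user in events:
        recent.append((ts, user))
        while ts - recent[0][0] > burst:
            recent.popleft()
        distinct = {u for _, u in recent}
        fire("burst", ts, "example-1", f"{len(distinct)} users", len(distinct) >= n_users)

        stamps = per_user[user]
        stamps.append(ts)
        while ts - stamps[0] > span:
            stamps.popleft()
        fire(("user", user), ts, "example-2", user, len(stamps) >= n_mails)

        if user in disclosed:       # Example 3: alert on every such e-mail
            alerts.append((ts, "example-3", user))
    return alerts

def constructed_events(start=datetime(2020, 4, 23, 9, 0)):
    """Constructed sample data: a 10-user burst, a slow drip to one user, one public address."""
    burst = [(start + timedelta(seconds=30 * i), f"user{i}@corp.example") for i in range(10)]
    drip = [(start + timedelta(days=1 + 2 * i), "alice@corp.example") for i in range(10)]
    public = [(start + timedelta(days=25), "info@corp.example")]
    return sorted(burst + drip + public)

if __name__ == "__main__":
    for alert in evaluate_rules(constructed_events(), disclosed={"info@corp.example"}):
        print(*alert)
```

Counting distinct recipients for Example 1 keeps a single user who receives many messages from triggering the institution-wide rule; that case is left to Example 2.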

The process of entering definitions can be evaluated as a blacklist. The link, the attachment and information such as the e-mail address of the sender inside the harmful e-mail shall be added to the blacklist on the interface of the application.

The application submits the related information regarding the e-mails to the interface. Thereby an institution which has hundreds of users is enabled to observe the information belonging to e-mails which may be harmful from a single point on the interface that is to be used, rather than observing said information from the mail box of each user.

The operation method of OLTA, which is a cyber security system according to the information described above, is characterized by the following:

• The automatic commencement of operation of the Application if an e-mail is received from outside the institution to users who have already installed the Application component which is formed as an add-in to the mail box of the users in order to analyze the e-mail received by users,

• Automatic examination of the e-mail received by the user, according to the header of the e-mail, the subject of the e-mail, the sender of the e-mail, the contents of the e-mail, the files attached to the e-mail and the links found inside the e-mail,

• Creating features which form the result of the artificial intelligence and which are used in order to understand if the e-mail is harmful or not by means of the information obtained as a result of the analysis,

• Determining if the e-mail is harmful or not by the submission of the features obtained from the e-mail to the trained artificial intelligence on the application

• Creating rules by correlating data submitted from the Application in order to create alerts on the interface, in accordance with the requirement of security team of the institution,

• Creating a warning via the Application on the mailbox, for the users according to the result of the artificial intelligence and the rules to be created,

• Taking actions regarding harmful e-mails,

• Submitting information of the mail received by the users to the Interface in order for said information to be checked by the security team of the institution if the users have clicked on the warning,

• Submitting of suspicious e-mails in order for them to be checked by the security team of the institution by clicking on the button on the application in the case that users are suspicious of such e-mails that were not detected to be harmful by the artificial intelligence,

• Carrying out queries, reporting, creating of rules, entering of definitions and performing Security analysis regarding the e-mail information submitted by the user

• Taking actions regarding said e-mails.
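
The examination and feature-creation steps in the method above (header, subject, sender, contents, attachments, links) can be sketched as a feature extractor whose output would be passed to the trained classifier. This is an added illustration, not code from the patent; the feature names, keyword list, extension list and sample message are assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (documentation-reserved domains and addresses).
RAW = """\
From: "IT Support" <helpdesk@corp-example.test>
Reply-To: collector@other-example.test
To: alice@corp.example
Subject: URGENT: password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Verify: <a href="http://192.0.2.7/login">https://portal.corp.example</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

AAAA
--b1--
"""

def domain(header_value):
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def extract_features(raw):
    """Derive hypothetical features from header, subject, sender, content, attachments, links."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    anchors = re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', text, re.I | re.S)
    # (host the link goes to, host shown in the link text or None)
    hosts = [(urlparse(h).hostname or "", urlparse(t.strip()).hostname) for h, t in anchors]
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    reply_to = domain(msg["Reply-To"])
    return {
        "reply_to_mismatch": bool(reply_to) and reply_to != domain(msg["From"]),
        "urgent_subject": bool(re.search(r"urgent|expire|suspend", str(msg["Subject"] or ""), re.I)),
        "ip_literal_link": any(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", h) for h, _ in hosts),
        "link_text_mismatch": any(t and t != h for h, t in hosts),
        "executable_attachment": any(re.search(r"\.(exe|scr|js|vbs|bat)$", n, re.I) for n in names),
        "link_count": len(anchors),
    }

if __name__ == "__main__":
    print(extract_features(RAW))
```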