Victim or Attacker? A Multi-dataset Domain Classification of Phishing Attacks

Page, Sophie Le; Jourdan, Guy-Vincent

doi:10.1109/pst47121.2019.8949038

Cited by 4 publications

(1 citation statement)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although, we filtered these certificates against our benign domains list, we reckon that a significant amount of benign certificates is falsely labeled as malicious as we only filtered against known redirecting and hosting services. According to estimates, 62% − 73% of phishing websites are actually hosted on compromised infrastructure [20,21]. This is why the approaches by Sakurai et al and Phishing Catcher perform slightly better than the machine learning classifiers.…”

Section: Resultsmentioning

confidence: 99%

Finding Phish in a Haystack: A Pipeline for Phishing Classification on Certificate Transparency Logs

Drichel¹,

Drury²,

Brandt³

et al. 2021

Proceedings of the 16th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Current popular phishing prevention techniques mainly utilize reactive blocklists, which leave a "window of opportunity" for attackers during which victims are unprotected. One possible approach to shorten this window aims to detect phishing attacks earlier, during website preparation, by monitoring Certificate Transparency (CT) logs. Previous attempts to work with CT log data for phishing classification exist, however they lack evaluations on actual CT log data. In this paper, we present a pipeline that facilitates such evaluations by addressing a number of problems when working with CT log data. The pipeline includes dataset creation, training, and past or live classification of CT logs. Its modular structure makes it possible to easily exchange classifiers or verification sources to support ground truth labeling efforts and classifier comparisons. We test the pipeline on a number of new and existing classifiers, and find a general potential to improve classifiers for this scenario in the future. We publish the source code of the pipeline and the used datasets along with this paper [12], thus making future research in this direction more accessible. CCS CONCEPTS• Security and privacy → Intrusion detection systems; • Computing methodologies → Machine learning.

show abstract

Section: Resultsmentioning

confidence: 99%