Paper Info
Title
Finding Phish in a Haystack: A Pipeline for Phishing Classification on Certificate Transparency Logs
Abstract
Current popular phishing prevention techniques mainly utilize reactive blocklists, which leave a "window of opportunity" for attackers during which victims are unprotected. One possible approach to shorten this window aims to detect phishing attacks earlier, during website preparation, by monitoring Certificate Transparency (CT) logs. Previous attempts to work with CT log data for phishing classification exist, however they lack evaluations on actual CT log data. In this paper, we present a pipeline that facilitates such evaluations by addressing a number of problems when working with CT log data. The pipeline includes dataset creation, training, and past or live classification of CT logs. Its modular structure makes it possible to easily exchange classifiers or verification sources to support ground truth labeling efforts and classifier comparisons. We test the pipeline on a number of new and existing classifiers, and find a general potential to improve classifiers for this scenario in the future. We publish the source code of the pipeline and the used datasets along with this paper [12], thus making future research in this direction more accessible.
Year
DOI
Venue
2021
10.1145/3465481.3470111
ARES 2021: 16TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY
Keywords
DocType
Citations 
Phishing detection, certificate transparency, machine learning
Conference
0
PageRank 
References 
Authors
0.34
0
4
Name
Order
Citations
PageRank
Drichel Arthur121.76
Vincent Drury202.03
Justus von Brandt300.34
Ulrike Meyer45912.39