Proactive Discovery of Phishing Related Domain Names
نویسندگان
چکیده
Phishing is an important security issue to the Internet, which has a significant economic impact. The main solution to counteract this threat is currently reactive blacklisting; however, as phishing attacks are mainly performed over short periods of time, reactive methods are too slow. As a result, new approaches to early identify malicious websites are needed. In this paper a new proactive discovery of phishing related domain names is introduced. We mainly focus on the automated detection of possible domain registrations for malicious activities. We leverage techniques coming from natural language modelling in order to build proactive blacklists. The entries in this list are built using language models and vocabularies encountered in phishing related activities ”secure”, ”banking”, brand names, etc. Once a pro-active blacklist is created, ongoing and daily monitoring of only these domains can lead to the efficient detection of phishing web sites.
منابع مشابه
Master Thesis as part of the major in Security & Privacy at the EIT Digital Master School SIDekICk SuspIcious DomaIn Classification
The Domain Name System (DNS) plays a central role in the Internet. It allows the translation of human-readable domain names to (alpha-) numeric IP addresses in a fast and reliable manner. However, domain names not only allow Internet users to access benign services on the Internet but are used by hackers and other criminals as well, for example to host phishing campaigns, to distribute malware,...
متن کاملGhost Domain Names: Revoked Yet Still Resolvable
Attackers often use domain names for various malicious purposes such as phishing, botnet command and control, and malware propagation. An obvious strategy for preventing these activities is deleting the malicious domain from the upper level DNS servers. In this paper, we show that this is insufficient. We demonstrate a vulnerability affecting the large majority of popular DNS implementations wh...
متن کاملFSA based Code Sequence Checking to Prevent Mal Use of Myanmar IDNs
With the development of new technologies, not only online contents but also domain names can be represented in local languages and this makes human society with better communication, better education and better business. Though domain names in some Asian languages such as Japanese, Indian languages, Sinhala and Urdu, are already implemented, not many works have been attempted on domain names in...
متن کاملPetname Systems
It has been repeatedly observed [Zooko, Shirky, PNML, Close] that global namespaces suffer from a variety of difficulties. While different analyses have focused on different problems, the conclusion emerges that global names are often overloaded with too many purposes, purposes that come into conflict as the system reaches global scale. One representation of the conflict is, global namespaces a...
متن کاملThe Long "Taile" of Typosquatting Domain Names
Typosquatting is a speculative behavior that leverages Internet naming and governance practices to extract profit from users’ misspellings and typing errors. Simple and inexpensive domain registration motivates speculators to register domain names in bulk to profit from display advertisements, to redirect traffic to third party pages, to deploy phishing sites, or to serve malware. While previou...
متن کامل