Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F24%3APU154679" target="_blank" >RIV/00216305:26230/24:PU154679 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/10814617" target="_blank" >https://ieeexplore.ieee.org/document/10814617</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.23919/CNSM62983.2024.10814617" target="_blank" >10.23919/CNSM62983.2024.10814617</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection

Popis výsledku v původním jazyce

Phishing is a major threat, using deceptive tactics to steal sensitive information like passwords and financial details. The rapid innovation by cybercriminals and sophisticated social engineering amplify the challenges in combating phishing campaigns. Traditional blocklisting methods struggle due to the dynamic nature of the Internet and the continuous emergence of new phishing sites. Our research presents an innovative approach to detect phishing domains using machine learning classifiers built upon an extensive array of information combined from DNS records, IP addresses, RDAP servers, TLS certificates, and geolocation data for over 500,000 Internet domains. Using a fine-tailored vector of 143 unique features and seven classification methods, we have achieved a 0.9830 precision rate, an F1 score of 0.9770, and a remarkably low false positive rate of only 0.27%. We further examines the contribution of individual features and the overall impact of information from the utilized data sources on the decision making of the classifiers.

Název v anglickém jazyce

Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection

Popis výsledku anglicky

Phishing is a major threat, using deceptive tactics to steal sensitive information like passwords and financial details. The rapid innovation by cybercriminals and sophisticated social engineering amplify the challenges in combating phishing campaigns. Traditional blocklisting methods struggle due to the dynamic nature of the Internet and the continuous emergence of new phishing sites. Our research presents an innovative approach to detect phishing domains using machine learning classifiers built upon an extensive array of information combined from DNS records, IP addresses, RDAP servers, TLS certificates, and geolocation data for over 500,000 Internet domains. Using a fine-tailored vector of 143 unique features and seven classification methods, we have achieved a 0.9830 precision rate, an F1 score of 0.9770, and a remarkably low false positive rate of only 0.27%. We further examines the contribution of individual features and the overall impact of information from the utilized data sources on the decision making of the classifiers.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VJ02010024" target="_blank" >VJ02010024: Analýza šifrovaného provozu pomocí síťových toků</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2024 10th International Conference on Network and Service Management (CNSM)

ISBN

978-3-903176-66-9

ISSN

—

e-ISSN

—

Počet stran výsledku

7

Strana od-do

1-7

Název nakladatele

Institute of Electrical and Electronics Engineers

Místo vydání

Praha

Místo konání akce

Praha

Datum konání akce

28. 10. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—