Difference between revisions of "Lightning:Detecting phishing domains"

From SHA2017 Wiki

Latest revision as of 18:51, 5 August 2017

Description How can you detect if a domain or a sub-domain is used for phishing?

After analyzing a little more than 2 million DNS records we hatched a plan to detect if a hostname is used for phishing using a little bit of AI.

Slides
Website(s) http://www.siteground.com/
Tags security, phishing, dns, ai, artificial intelligence
Person organizing User:Sha2017.org-hackman
Contact: mm@siteground.com
Language en - English
Duration 5
Desired session Day 3


I'm the Chief System Architect of Siteground and I'm sick of all of the complaints we receive for hosted phishing pages on our servers.

I decided to fight this with a bit of AI. The idea was to train a Word2vec model and an SVM model to detect if a newly hosted hostname is possibly registered for phishing.

We manually selected 2000 domains that we were sure were phishing related, like the ones below:

 ebay.co.uk.aspx.asfdfw.com
 amazon.com.store.3b01no.com

We found around 4000 phishing hostnames with this technique and we are going to deploy it for phishing directories and files.
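
The two sample hostnames above share one structural signal: a well-known brand's domain appears as leading subdomain labels of an unrelated registered domain. The sketch below is an added example, not the talk's code, and it is a rule-based check rather than the Word2vec/SVM model described here. `BRANDS`, `MULTI_LABEL_SUFFIXES`, the function names and the benign hostnames are assumptions constructed for illustration.

```python
# Added example: rule-based check, not the Word2vec/SVM model from the talk.
# BRANDS and MULTI_LABEL_SUFFIXES are small constructed lists (assumptions);
# a production check would use the Public Suffix List and a maintained brand list.
BRANDS = {"ebay.co.uk", "amazon.com", "paypal.com"}
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(hostname):
    """Naive registered domain: last 2 labels, or 3 under a known 2-label suffix."""
    labels = hostname.lower().rstrip(".").split(".")
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])


def embedded_brand(hostname):
    """Return the brand domain embedded in the subdomain labels, or None."""
    host = hostname.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in BRANDS:
        return None  # hosted under the brand's own registered domain
    sub_labels = host[: -len(reg)].rstrip(".").split(".")
    for brand in BRANDS:
        b = brand.split(".")
        # Look for the brand's labels as a contiguous run in the subdomain part.
        for i in range(len(sub_labels) - len(b) + 1):
            if sub_labels[i:i + len(b)] == b:
                return brand
    return None


def flag_hostnames(hostnames):
    """Map each suspicious hostname to the brand it imitates."""
    hits = {}
    for h in hostnames:
        brand = embedded_brand(h)
        if brand:
            hits[h] = brand
    return hits


# First two hostnames are the samples from this page; the rest are constructed.
SAMPLE = [
    "ebay.co.uk.aspx.asfdfw.com",
    "amazon.com.store.3b01no.com",
    "www.ebay.co.uk",
    "signin.amazon.com",
    "shop.example.org",
]

if __name__ == "__main__":
    for host, brand in flag_hostnames(SAMPLE).items():
        print(f"{host}: embeds {brand} under {registrable_domain(host)}")
```

A check like this only catches exact brand labels; a trained model is what generalizes to misspellings and unseen brand names.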