Lightning:Detecting phishing domains
From SHA2017 Wiki
Revision as of 18:51, 5 August 2017 by Sha2017.org-hackman (talk | contribs)
| Description | How can you detect if a domain or a sub-domain is used for phishing?
After analyzing a little more then 2milion dns records we hatched a plan to detect if a hostname is used for phishing using a little bit of AI. |
|---|---|
| Slides | |
| Website(s) | http://www.siteground.com/ |
| Tags | security, phishing, dns, ai, artificial intelligence |
| Person organizing | User:Sha2017.org-hackman |
| Contact: | mm@siteground.com |
| Language | en - English |
| Duration | 5 |
| Desired session | Day 3 |
I'm the Chief System Architect of Siteground and I'm sick of all of the complains we receive for hosted phishing pages on our servers.
I decided to fight this with a bit of AI. The idea was to train an Word2vec and an SVM models to detect if a newly hosted hostname is possibly registered for phishing.
We manualy selected 2000 domains that we were sure are phishing related, like the ones below:
ebay.co.uk.aspx.asfdfw.com amazon.com.store.3b01no.com
We found around 4000 phishing hostnames with this technique and we are going to deploy it for phishing directories and files.
