Lightning:Detecting phishing domains

From SHA2017 Wiki
Jump to: navigation, search
Description How can you detect if a domain or a sub-domain is used for phishing?

After analyzing a little more then 2milion dns records we hatched a plan to detect if a hostname is used for phishing using a little bit of AI.

Tags security, phishing, dns, ai, artificial intelligence
Person organizing
Language en - English
en - English
Duration 5
Desired session Day 3


I'm the Chief System Architect of Siteground and I'm sick of all of the complains we receive for hosted phishing pages on our servers.

I decided to fight this with a bit of AI. The idea was to train an Word2vec and an SVM models to detect if a newly hosted hostname is possibly registered for phishing.

We manualy selected 2000 domains that we were sure are phishing related, like the ones below:

We found around 4000 phishing hostnames with this technique and we are going to deploy it for phishing directories and files.