Lightning:Detecting phishing domains
|Description|| How can you detect if a domain or a sub-domain is used for phishing?
After analyzing a little more then 2milion dns records we hatched a plan to detect if a hostname is used for phishing using a little bit of AI.
|Tags||security, phishing, dns, ai, artificial intelligence|
|Language|| en - English |
en - English
|Desired session||Day 3|
I'm the Chief System Architect of Siteground and I'm sick of all of the complains we receive for hosted phishing pages on our servers.
I decided to fight this with a bit of AI. The idea was to train an Word2vec and an SVM models to detect if a newly hosted hostname is possibly registered for phishing.
We manualy selected 2000 domains that we were sure are phishing related, like the ones below:
We found around 4000 phishing hostnames with this technique and we are going to deploy it for phishing directories and files.