Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs

Edona Fasllija, Hasan Ferit Enişer, Bernd Prünster

Publication: Contribution to book/report/conference proceedings › Contribution to conference proceedings › Research › Peer-reviewed

Abstract

Certificate misissuance is a growing issue in the context of
phishing attacks, as it leads inexperienced users to further trust fraudulent
websites, if they are equipped with a technically valid certificate. Certificate
Transparency (CT) aims at increasing the visibility of such malicious
actions by requiring certificate authorities (CAs) to log every certificate
they issue in public, tamper-proof, append-only logs. This work introduces
Phish-Hook, a novel approach towards detecting phishing websites based
on machine learning. Phish-Hook analyses certificates submitted to the
CT system based on a conceptually simple, well-understood classification
mechanism to effectively attest the phishing likelihood of newly issued
certificates. Phish-Hook relies solely on CT log data and foregoes intricate
analyses of websites’ source code and traffic. As a consequence, we are able
to provide classification results in near real-time and in a resource-efficient
way. Our approach advances the state of the art by classifying websites
according to five different incremental certificate risk labels, instead of
assigning a binary label. Evaluation results demonstrate the effectiveness
of our approach, achieving a success rate of over 90%, while requiring
fewer, less complex input data, and delivering results in near real-time.
Original language: English
Title: 15th EAI International Conference on Security and Privacy in Communication Networks
Publisher: Springer
Publication status: Published - 23 Oct 2019
Event: 15th EAI International Conference on Security and Privacy in Communication Networks - Orlando, United States
Duration: 23 Oct 2019 → 25 Oct 2019

Conference

Conference: 15th EAI International Conference on Security and Privacy in Communication Networks
Short title: SecureComm 2019
Country: United States
City: Orlando
Period: 23/10/19 → 25/10/19

Fingerprint

Hooks
Transparency
Labels
Websites
Visibility
Learning systems

Cite this

Fasllija, E., Enişer, H. F., & Prünster, B. (2019). Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs. in 15th EAI International Conference on Security and Privacy in Communication Networks Springer.

Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs. / Fasllija, Edona; Enişer, Hasan Ferit; Prünster, Bernd.

15th EAI International Conference on Security and Privacy in Communication Networks. Springer, 2019.


Fasllija, E, Enişer, HF & Prünster, B 2019, Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs. in 15th EAI International Conference on Security and Privacy in Communication Networks. Springer, Orlando, United States, 23/10/19.
Fasllija E, Enişer HF, Prünster B. Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs. in 15th EAI International Conference on Security and Privacy in Communication Networks. Springer. 2019
Fasllija, Edona ; Enişer, Hasan Ferit ; Prünster, Bernd. / Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs. 15th EAI International Conference on Security and Privacy in Communication Networks. Springer, 2019.
@inproceedings{c87dec5e098a48cb9a18177fcd502404,
title = "Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs",
abstract = "Certificate misissuance is a growing issue in the context of phishing attacks, as it leads inexperienced users to further trust fraudulent websites, if they are equipped with a technically valid certificate. Certificate Transparency (CT) aims at increasing the visibility of such malicious actions by requiring certificate authorities (CAs) to log every certificate they issue in public, tamper-proof, append-only logs. This work introduces Phish-Hook, a novel approach towards detecting phishing websites based on machine learning. Phish-Hook analyses certificates submitted to the CT system based on a conceptually simple, well-understood classification mechanism to effectively attest the phishing likelihood of newly issued certificates. Phish-Hook relies solely on CT log data and foregoes intricate analyses of websites’ source code and traffic. As a consequence, we are able to provide classification results in near real-time and in a resource-efficient way. Our approach advances the state of the art by classifying websites according to five different incremental certificate risk labels, instead of assigning a binary label. Evaluation results demonstrate the effectiveness of our approach, achieving a success rate of over 90{\%}, while requiring fewer, less complex input data, and delivering results in near real-time.",
author = "Edona Fasllija and Enişer, {Hasan Ferit} and Bernd Pr{\"u}nster",
year = "2019",
month = "10",
day = "23",
language = "English",
booktitle = "15th EAI International Conference on Security and Privacy in Communication Networks",
publisher = "Springer",

}

TY - GEN

T1 - Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs

AU - Fasllija, Edona

AU - Enişer, Hasan Ferit

AU - Prünster, Bernd

PY - 2019/10/23

Y1 - 2019/10/23

N2 - Certificate misissuance is a growing issue in the context of phishing attacks, as it leads inexperienced users to further trust fraudulent websites, if they are equipped with a technically valid certificate. Certificate Transparency (CT) aims at increasing the visibility of such malicious actions by requiring certificate authorities (CAs) to log every certificate they issue in public, tamper-proof, append-only logs. This work introduces Phish-Hook, a novel approach towards detecting phishing websites based on machine learning. Phish-Hook analyses certificates submitted to the CT system based on a conceptually simple, well-understood classification mechanism to effectively attest the phishing likelihood of newly issued certificates. Phish-Hook relies solely on CT log data and foregoes intricate analyses of websites’ source code and traffic. As a consequence, we are able to provide classification results in near real-time and in a resource-efficient way. Our approach advances the state of the art by classifying websites according to five different incremental certificate risk labels, instead of assigning a binary label. Evaluation results demonstrate the effectiveness of our approach, achieving a success rate of over 90%, while requiring fewer, less complex input data, and delivering results in near real-time.

AB - Certificate misissuance is a growing issue in the context of phishing attacks, as it leads inexperienced users to further trust fraudulent websites, if they are equipped with a technically valid certificate. Certificate Transparency (CT) aims at increasing the visibility of such malicious actions by requiring certificate authorities (CAs) to log every certificate they issue in public, tamper-proof, append-only logs. This work introduces Phish-Hook, a novel approach towards detecting phishing websites based on machine learning. Phish-Hook analyses certificates submitted to the CT system based on a conceptually simple, well-understood classification mechanism to effectively attest the phishing likelihood of newly issued certificates. Phish-Hook relies solely on CT log data and foregoes intricate analyses of websites’ source code and traffic. As a consequence, we are able to provide classification results in near real-time and in a resource-efficient way. Our approach advances the state of the art by classifying websites according to five different incremental certificate risk labels, instead of assigning a binary label. Evaluation results demonstrate the effectiveness of our approach, achieving a success rate of over 90%, while requiring fewer, less complex input data, and delivering results in near real-time.

M3 - Conference contribution

BT - 15th EAI International Conference on Security and Privacy in Communication Networks

PB - Springer

ER -