Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs

Edona Fasllija, Hasan Ferit Enişer, Bernd Prünster

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

Certificate misissuance is a growing issue in the context of
phishing attacks, as it leads inexperienced users to further trust fraudulent
websites, if they are equipped with a technically valid certificate. Certificate
Transparency (CT) aims at increasing the visibility of such malicious
actions by requiring certificate authorities (CAs) to log every certificate
they issue in public, tamper-proof, append-only logs. This work introduces
Phish-Hook, a novel approach towards detecting phishing websites based
on machine learning. Phish-Hook analyses certificates submitted to the
CT system based on a conceptually simple, well-understood classification
mechanism to effectively attest the phishing likelihood of newly issued
certificates. Phish-Hook relies solely on CT log data and foregoes intricate
analyses of websites’ source code and traffic. As a consequence, we are able
to provide classification results in near real-time and in a resource-efficient
way. Our approach advances the state of the art by classifying websites
according to five different incremental certificate risk labels, instead of
assigning a binary label. Evaluation results demonstrate the effectiveness
of our approach, achieving a success rate of over 90%, while requiring
fewer, less complex input data, and delivering results in near real-time.
Original language: English
Title of host publication: 15th EAI International Conference on Security and Privacy in Communication Networks
Publisher: Springer
Publication status: Published - 23 Oct 2019
Event: 15th EAI International Conference on Security and Privacy in Communication Networks - Orlando, United States
Duration: 23 Oct 2019 to 25 Oct 2019

Conference

Conference: 15th EAI International Conference on Security and Privacy in Communication Networks
Abbreviated title: SecureComm 2019
Country: United States
City: Orlando
Period: 23/10/19 to 25/10/19

Fingerprint

Hooks
Transparency
Labels
Websites
Visibility
Learning systems

Cite this

Fasllija, E., Enişer, H. F., & Prünster, B. (2019). Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs. In 15th EAI International Conference on Security and Privacy in Communication Networks Springer.

@inproceedings{c87dec5e098a48cb9a18177fcd502404,
title = "Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs",
abstract = "Certificate misissuance is a growing issue in the context of phishing attacks, as it leads inexperienced users to further trust fraudulent websites, if they are equipped with a technically valid certificate. Certificate Transparency (CT) aims at increasing the visibility of such malicious actions by requiring certificate authorities (CAs) to log every certificate they issue in public, tamper-proof, append-only logs. This work introduces Phish-Hook, a novel approach towards detecting phishing websites based on machine learning. Phish-Hook analyses certificates submitted to the CT system based on a conceptually simple, well-understood classification mechanism to effectively attest the phishing likelihood of newly issued certificates. Phish-Hook relies solely on CT log data and foregoes intricate analyses of websites’ source code and traffic. As a consequence, we are able to provide classification results in near real-time and in a resource-efficient way. Our approach advances the state of the art by classifying websites according to five different incremental certificate risk labels, instead of assigning a binary label. Evaluation results demonstrate the effectiveness of our approach, achieving a success rate of over 90{\%}, while requiring fewer, less complex input data, and delivering results in near real-time.",
author = "Edona Fasllija and Enişer, {Hasan Ferit} and Bernd Pr{\"u}nster",
year = "2019",
month = "10",
day = "23",
language = "English",
booktitle = "15th EAI International Conference on Security and Privacy in Communication Networks",
publisher = "Springer",

}

TY - GEN

T1 - Phish-Hook: Detecting Phishing Certificates Using Certificate Transparency Logs

AU - Fasllija, Edona

AU - Enişer, Hasan Ferit

AU - Prünster, Bernd

PY - 2019/10/23

Y1 - 2019/10/23

N2 - Certificate misissuance is a growing issue in the context of phishing attacks, as it leads inexperienced users to further trust fraudulent websites, if they are equipped with a technically valid certificate. Certificate Transparency (CT) aims at increasing the visibility of such malicious actions by requiring certificate authorities (CAs) to log every certificate they issue in public, tamper-proof, append-only logs. This work introduces Phish-Hook, a novel approach towards detecting phishing websites based on machine learning. Phish-Hook analyses certificates submitted to the CT system based on a conceptually simple, well-understood classification mechanism to effectively attest the phishing likelihood of newly issued certificates. Phish-Hook relies solely on CT log data and foregoes intricate analyses of websites’ source code and traffic. As a consequence, we are able to provide classification results in near real-time and in a resource-efficient way. Our approach advances the state of the art by classifying websites according to five different incremental certificate risk labels, instead of assigning a binary label. Evaluation results demonstrate the effectiveness of our approach, achieving a success rate of over 90%, while requiring fewer, less complex input data, and delivering results in near real-time.

M3 - Conference contribution

BT - 15th EAI International Conference on Security and Privacy in Communication Networks

PB - Springer

ER -