Publication Details
Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection
Horák Adam, Ing. (DIFS)
Polišenský Jan, Bc. (DIFS)
Ondryáš Ondřej, Ing. (DIFS)
Jeřábek Kamil, Ing., Ph.D. (DIFS)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Phishing, Domain, Detection, ML, DNS, IP, RDAP, TLS, GeoIP
Phishing is a major threat, using deceptive tactics to steal sensitive
information like passwords and financial details. The rapid innovation by
cybercriminals and sophisticated social engineering amplify the challenges in
combating phishing campaigns. Traditional blocklisting methods struggle due to
the dynamic nature of the Internet and the continuous emergence of new phishing
sites.
Our research presents an innovative approach to detect phishing domains using
machine learning classifiers built upon an extensive array of information
combined from DNS records, IP addresses, RDAP servers, TLS certificates, and
geolocation data for over 500,000 Internet domains.
Using a fine-tailored vector of 143 unique features and seven classification
methods, we have achieved a 0.9830 precision rate, an F1 score of 0.9770, and
a remarkably low false positive rate of only 0.27%.
We further examines the contribution of individual features and the overall
impact of information from the utilized data sources on the decision making of
the classifiers.
@inproceedings{BUT193325,
author="Radek {Hranický} and Adam {Horák} and Jan {Polišenský} and Ondřej {Ondryáš} and Kamil {Jeřábek} and Ondřej {Ryšavý}",
title="Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection",
booktitle="2024 10th International Conference on Network and Service Management (CNSM)",
year="2024",
pages="1--7",
publisher="Institute of Electrical and Electronics Engineers",
address="Praha",
doi="10.23919/CNSM62983.2024.10814617",
isbn="978-3-903176-66-9",
url="https://ieeexplore.ieee.org/document/10814617"
}