Publication Details
Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection
Horák Adam, Ing. (DIFS FIT BUT)
Polišenský Jan, Bc. (DIFS FIT BUT)
Ondryáš Ondřej, Ing. (DIFS FIT BUT)
Jeřábek Kamil, Ing., Ph.D. (DIFS FIT BUT)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT)
Phishing, Domain, Detection, ML, DNS, IP, RDAP, TLS, GeoIP
Phishing is a major threat, using deceptive tactics to steal sensitive information like passwords and financial details. The rapid innovation by cybercriminals and sophisticated social engineering amplify the challenges in combating phishing campaigns. Traditional blocklisting methods struggle due to the dynamic nature of the Internet and the continuous emergence of new phishing sites.
Our research presents an innovative approach to detect phishing domains using machine learning classifiers built upon an extensive array of information combined from DNS records, IP addresses, RDAP servers, TLS certificates, and geolocation data for over 500,000 Internet domains.
Using a fine-tailored vector of 143 unique features and seven classification methods, we have achieved a 0.9830 precision rate, an F1 score of 0.9770, and a remarkably low false positive rate of only 0.27%.
We further examines the contribution of individual features and the overall impact of information from the utilized data sources on the decision making of the classifiers.
@INPROCEEDINGS{FITPUB13234,
author = "Radek Hranick\'{y} and Adam Hor\'{a}k and Jan Poli\v{s}ensk\'{y} and Ond\v{r}ej Ondry\'{a}\v{s} and Kamil Je\v{r}\'{a}bek and Ond\v{r}ej Ry\v{s}av\'{y}",
title = "Spotting the Hook: Leveraging Domain Data for Advanced Phishing Detection",
pages = "1--7",
booktitle = "2024 10th International Conference on Network and Service Management (CNSM)",
year = 2024,
location = "Praha, CZ",
publisher = "Institute of Electrical and Electronics Engineers",
ISBN = "978-3-903176-66-9",
doi = "10.23919/CNSM62983.2024.10814617",
language = "english",
url = "https://www.fit.vut.cz/research/publication/13234"
}