Helena Guergis Blog Phishing Domain Detection Using Machine Learning Techniques

Phishing Domain Detection Using Machine Learning Techniques

 

phishing domain detection (or fraudulent domain) attacks are one of the most common forms of cybercrime, resulting in tremendous harm to organizations and individuals. Attackers can leverage these phishing domains to extort money or personal information from unknowing victims, and they can also use them to deliver malware, redirect web traffic, and more. In this article, we explore the characteristics of phishing domains, why they’re so difficult to detect, and how machine learning-based techniques can help.

Domain Reputation and SEO: Exploring the Connection

A phishing domain is a malicious website used by attackers to steal sensitive user information, such as passwords and bank account details. It’s often a close replica of the target organization’s official site, making it hard for users to know they are being phished. Attackers can also exploit vulnerabilities in DNS servers to change a domain’s addressing information, which causes users to land on the attacker’s site instead of the target’s site.

Phishing is most effective when it’s done via email, so attackers will attempt to impersonate the domain registrar or email service to trick unsuspecting recipients into clicking on a link that will lead them to a fake domain. This is why two-factor authentication (2FA) should always be enabled for all accounts and DMARC should be implemented to protect against email spoofing.

To understand how machine learning can help, the authors of this study analyzed a dataset of over 11,000 phishing domains with four ML techniques (SVM, ANN, RF, and DT) to compare their performance. They used the Gini index as a measure of discriminatory power and found that length, number of vowels, and number of dots were the most important features.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post