Harvesting SSL certificate data to identify web-fraud

International Journal of Network Security

Volumn 14, Issue 6, 2012, Pages 324-338

  Almishari, Mishari ^a   De Cristofaro, Emiliano ^a   El Defrawy, Karim ^a   Tsudik, Gene ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

Certificates; Phishing; SSL; Typosquatting

Indexed keywords

CERTIFICATES; COMPREHENSIVE STUDIES; NOVEL TECHNIQUES; PHISHING; SSL; TYPOSQUATTING;

COMPUTER CRIME; CRIME;

HTTP;

EID: 84872870918     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (52)

1. Alexa.com. "Alexa ranking methodology". http: //www.alexa.com/help/traffic_learn_more/
2. Alexa.com. "The Web Information Company". http://www.alexa.com
3. D. S. Anderson, C. Fleizach, S. Savage, and G. M. Voelker, "Spamscatter: Characterizing internet scam hosting infrastructure," in USENIX Security Symposium, pp. 1-14, 2007.
4. Anti Phishing Working Group, Phishing Activity Trends Report - 3rd Quarter 2009. http://www.antiphishing.org/reports/apwg_ report_Q3_2009.pdf
5. Anti Phishing Working Group, Phishing Activity Trends Report - April 2007. http://www.antiphishing.org/reports/apwg_ report_april_2007.pdf
6. A. Banerjee, D. Barman, M. Faloutsos, and L. N. Bhuyan, "Cyber-Fraud is One Typo Away," in INFOCOM 2008, pp. 1939-1947, 2008.
7. L. Breiman, "Bagging predictors," Machine Learning, vol. 24, no. 2, pp. 123-140, 1996.
8. L. Breiman, "Random Forests," Machine Learning, vol. 45, no. 1, pp. 5-32, 2001.
9. D. Cooper and et al, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, (IETF RFC5280). http://www.ietf.org/rfc/rfc5280. txt
10. M. D. Kunder, World Wide Web Size, 2010. http: //www.worldwidewebsize.com/
11. B. Edelman, "McAUnintended adventures in browsing," Mcafee Security Journal, 2008. http: //www.mcafee.com/us/local_content/misc/threat_center/msj_unintended_adve ntures_ browsing.pdf
12. S. Egelman, L. F. Cranor, and J. Hong, "You've been warned: an empirical study of the effectiveness of web browser phishing warnings," in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 1065-1074, 2008.
13. Electronic Frontier Foundation, HTTPS Everywhere, 2010. https://www.eff.org/https-everywhere
14. F-Secure, Googkle.com Installed Malware by Exploiting Browser Vulnerabilities, 2009. http://www. f-secure.com/v-descs/googkle.shtml
15. I. Fette, N. Sadeh, and A. Tomasic, "Learning to Detect Phishing Emails," in Proceedings of the 16th international conference on World Wide Web, pp. 649-656, 2007.
16. Y. Freund and R. E. Schapire, "A decision-theoretic generalization of on-line learning and an application to boosting," in European Conference on Computational Learning Theory, pp. 23-37, 1995.
17. Google.com, Parked Domain Site. http: //adwords.google.com/support/aw/bin/answer. py?hl=en&answer=50002.
18. Google.com, The Google Spell Checker. http://www. google.co.uk/help/features.html.
19. H. Lee and T. Malkin and E. Nahum, "Cryptographic strength of SSL/TLS servers: Current and recent practices," in Internet Measurement Comference, pp. 83-92, 2007.
20. S. Keats, What's In A Name: The State of Typo-Squatting, 2007. http://www.siteadvisor. com/studies/typo_squatters_nov2007.html
21. E. Kirda and C. Kruegel, Protecting Users Against Phishing Attacks, Oxford University Press, 2005.
22. M. Almid ads-portal domains: Identification and measurements
23. J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, "Beyond blacklists: learning to detect malicious web sites from suspicious URLs," in KDD 2009, pp. 1245-1254, 2009.
24. A. S. Martino and X. Perramon, "Phishing secrets: History, effects, and countermeasures," International Journal of Network Security, vol. 11, no. 3, pp. 163-171, 2010.
25. McAfee, McAfee SiteAdvisor. http://www.siteadvisor.com/.
26. T. McCall, "Gartner survey shows phishing attacks escalated in 2007; more than $3 billion lost to these attacks," 2007. http://www.gartner.com/it/page.jsp?id=565125
27. Microsoft Researc/, Screenshots of Questionable Advertisements, 2006. http://research.microsoft.com/Typo-Patrol/screenshots.htm
28. T. Mitchell, Machine Learning, McGraw Hill, 1997.
29. E. Murray, SSL Server Security Survey. http: //web.archive.org/web/20031005013455/http://www.lne.com/ericm/papers/ssl_servers.html
30. Netcraft, Netcraft SSL Survey, 2008. http://news. netcraft.com/SSL-Survey
31. OpenSSL, The OpenSSL Project, 2007. http://www. openssl.org/.
32. B. Parno, C. Kuo, and A. Perrig, "Phoolproof phishing prevention," in Proceedings of the 10th International Conference on Financial Cryptography and Data Security, pp. 1-19, 2006.
33. Phishtank.com. http://www.phishtank.com
34. J. R. Quinlan, c4.5: Programs for Machine Learning. Morgan Kaufmann, 1993.
35. J. R. Quinlan, "Bagging, boosting, and c4.5," in 13th National Conference on Artificial Intelligence and 8th Innovative Applications of Artificial Intelligence Conference, pp. 725-730, AAAI Press, 1996.
36. Z. Raza, Phishing Toolkit Attacks are Abusing SSL Certificates, 2009. http: //www.symantec.com/connect/blogs/phishing-toolkit-attacks-are-abusing-ss l-certificates
37. S. Yilek, E. Rescorla, H. Shacham, B. Enrigh, and S. Savage, "When private keys are public: Results from the 2008 debian openssl vulnerability," in Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement Conference (IMC 2009), pp. 15-29, 2009.
38. D. M. Sena, Symantec Internet Security Threat Report Finds Malicious Activity Continues to Grow at a Record Pace, 2009. http://www.symantec.com/about/news/release/article.jsp?prid=20090413_01
39. M. Stevens, A. Lenstra, and B. D. Weger, "Chosenprefix collisions for MD5 and colliding X. 509 certificates for different identities," in Proceedings of the 26th Annual International Conference on Advances in Cryptology - Eurocrypt' 07, pp. 1-22, 2007.
40. M. Stevens, A. Sotirov, J. Appelbaum, A. Lenstra, D. Molnar, D. Osvik, and B. D. Weger, "Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate," in Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology - Crypto' 09, pp. 55-69, 2009.
41. W. Sturgeon, Serial Typo-squatters Target Security Firms, Sep. 2005. http://news.zdnet.com/2100-1009_22-5873001.html
42. J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor in Usenix Security Symposium, 2009.
43. X. Tang, C. N. Manikopoulos, and S. G. Ziavras, "Generalized anomaly detection model for windowsbased malicious program behavior," International Journal of Network Security, vol. 7, no. 3, pp. 428-435, Nov. 2008.
44. VeriSign. http://www.verisign.com/.
45. Y. M. Wang, D. Beck, X. Jiang, R. Roussev, C. Verbowski, S. Chen, and S. King, "Automated web patrol with strider honeymonkeys," in Network and Distributed System Security Symposium (NDSS2006), pp. 35-49, 2006.
46. N. Weaver, HTTP is Hazardous to Your Health, 2008. http://nweaver.blogspot.com/2008/05/http-is-hazardous-to-your-health.htm l
47. L. Weinstein, Http: Must die!. http://lauren. vortex.com/archive/000338.html
48. T. Whalen and K. M. Inkpen, "Gathering evidence: use of visual security cues in web browsers," in Proceedings of Graphics Interface 2005, pp. 137-144, 2005.
49. M. Wu, R. C. Miller, and S. L. Garfinkel, "Do security toolbars actually prevent phishing attacks?," in Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI' 06), pp. 601- 610, 2006.
50. M. Wu, R. C. Miller, and G. Little, "Web wallet: Preventing phishing attacks by revealing user intentions," in Proceedings of the second symposium on Usable privacy and security (SOUPS' 06), pp. 102- 113, 2006.
51. Y. Wang, D. Beck, J. Wang, C. Verbowski, and B. Daniels, "Strider typo-patrol: Discovery and analysis of systematic typo-squatting," in Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet (SRUTI' 06), vol. 2, pp. 31-36, July 2006.
52. Y. Zhang, S. Egelman, L. Cranor, and J. Hong, "Phinding phish: Evaluating anti-phishing tools," in Network and Distributed System Security Symposium (NDSS' 07), 2007