Harvesting SSL Certificate Data to Identify Web-Fraud

Details Harvesting SSL Certificate Data to Identify Web-Fraud Harvesting SSL Certificate Data to Identify Web-Fraud

2009-09-21

arxiv.org/abs/0909.3688v4

Computer Science

Cryptography and Security

To appear in the International Journal of Network Security

Scientific paper

Web-fraud is one of the most unpleasant features of today's Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright sinister (especially, when typosquatting is combined with phishing). This paper presents a novel technique to detect web-fraud domains that utilize HTTPS. To this end, we conduct the first comprehensive study of SSL certificates. We analyze certificates of legitimate and popular domains and those used by fraudulent ones. Drawing from extensive measurements, we build a classifier that detects such malicious domains with high accuracy.

Affiliated with

Also associated with

No associations

Rating

Harvesting SSL Certificate Data to Identify Web-Fraud does not yet have a rating. At this time, there are no reviews or comments for this scientific paper.

If you have personal experience with Harvesting SSL Certificate Data to Identify Web-Fraud, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Harvesting SSL Certificate Data to Identify Web-Fraud will most certainly appreciate the feedback.

Rate now

Comments { 0 }

Profile ID: LFWR-SCP-O-432044