Building a Predictive Pipeline to Rapidly Detect Phishing Domains
Security BSides San Francisco via YouTube
Overview
Explore a Python-based framework for building a predictive pipeline to rapidly detect phishing domains in this 30-minute conference talk from BSidesSF 2018. Delve into the impact of free SSL services on threat actors' ability to create convincing phishing sites, and learn how the Certificate Transparency log network can be leveraged to monitor SSL certificates in real-time. Discover how supervised machine learning can be applied to detect new phishing domains, and gain insights into the implementation process, including data acquisition, domain name analysis, and logistic regression. Follow along as the speaker demonstrates the framework using a Jupiter Notebook, covering topics such as Levenshtein distance, targeted brands, top-level domains, and confusion matrices.
Syllabus
Introduction
About Wes
Agenda
Certificate Transparency Log Network
Calidog Security
Phishing Attacks
Characterization
Supervised Learning
Implement Implementation
Data Acquisition
Domain Names
Popular Brands
Levenstein Distance
Targeted Brands
TopLevel Domains
Logistic Regression
Confusion Matrix
Phishing
Jupiter Notebook
Taught by
Security BSides San Francisco