Internet Archive Scholar

Harvesting SSL Certificate Data to Identify Web-Fraud [article]

Mishari Al Mishari, Emiliano De Cristofaro, Karim El Defrawy, Gene Tsudik
2012 arXiv   pre-print

Preserved Fulltext

File Archive PDF (275.2 kB)
https://archive.org/download/arxiv-0909.3688/0909.3688.pdf

The Internet Archive has a preservation copy of this work in our general collections. The file type is application/pdf.

Other Versions

2009 pre-print
arXiv:0909.3688v1 fatcat:yh4bpon6fbe4tdn3hnvca457we
2012 pre-print
arXiv:0909.3688v3 fatcat:h2vcfihzk5h6xayakfqrcyznuq
2009 pre-print
arXiv:0909.3688v2 fatcat:37hunsxnajc5rnggtbrf7zon5q
Web-fraud is one of the most unpleasant features of today's Internet. Two well-known examples of fraudulent activities on the web are phishing and typosquatting. Their effects range from relatively benign (such as unwanted ads) to downright sinister (especially, when typosquatting is combined with phishing). This paper presents a novel technique to detect web-fraud domains that utilize HTTPS. To this end, we conduct the first comprehensive study of SSL certificates. We analyze certificates of
more » ... gitimate and popular domains and those used by fraudulent ones. Drawing from extensive measurements, we build a classifier that detects such malicious domains with high accuracy.
arXiv:0909.3688v4 fatcat:3cj37ibtsffgfjbk7ugn3wuxqy
Multiple Versions
Citation

Mishari Al Mishari, Emiliano De Cristofaro, Karim El Defrawy, Gene Tsudik. "Harvesting SSL Certificate Data to Identify Web-Fraud." arXiv (2012)