Today, despite the use of dynamic passwords, we still see phishing websites that imitate bank payment gateways and Internet banking, phishing sites operating in the country, and websites that publish fake malware and steal dynamic passwords. The phishing domain detection system developed by the Apa Shahrood Specialized Center monitors a huge range of phishing domains in real time, shortly after a domain is registered and receives its SSL certificate. The system has been in use at the Apa Shahrood center since 2019 for early detection of phishing domains. It extracts new domains from existing sources (including the event reports published through the Certificate Transparency mechanism by certificate authorities around the world) and determines a percentage risk of suspiciousness for each new domain with the help of the intelligent classification models designed into the system. This has been an effective step in the early detection of suspect domains in the country.
Components of the phishing domain detection system:
- Monitoring
- X.509 standard
- Log refinement
- Website Refinement
- Domain storage
- Periodic refinement
- Notices
Several classification algorithms are embedded in this system, including a rules-based algorithm whose rules the system administrator can localize. For this purpose, a rule description language has been designed in the system, which allows specific rules to be defined for hunting suspicious domains at specific times and for specific applications. Criminals generally use a variety of topics to entice a victim to visit a phishing site. One of the unique features of this system is the ability to monitor such campaigns, which criminals usually launch widely over a period of time.
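
To make the rule-based classification described above concrete, here is an added sketch (not the center's code and not its rule description language) that scores hostnames taken from Certificate Transparency entries against administrator-defined rules, including one limited to a campaign time window. The `Rule` shape, the weights, the allowlist and all sample hostnames are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule shape; not the system's own rule description language."""
    name: str
    keywords: Tuple[str, ...]          # terms looked for in the hostname
    weight: int                        # points added to the risk percentage
    start: Optional[datetime] = None   # optional campaign window (inclusive)
    end: Optional[datetime] = None
    def active(self, when: datetime) -> bool:
        return ((self.start is None or self.start <= when)
                and (self.end is None or when <= self.end))

UTC = timezone.utc
ALLOWLIST = {"examplebank.test"}            # constructed: the brand's real domain
LOOKALIKES = str.maketrans("0134", "oiea")  # undo digit-for-letter swaps

def registrable(host: str) -> str:
    # Simplification: last two labels; production code needs the Public Suffix List.
    return ".".join(host.rstrip(".").split(".")[-2:])

def score(host: str, seen_at: datetime, rules):
    """Return (risk percent 0-100, names of fired rules) for one CT hostname."""
    host = host.lower()
    host = host[2:] if host.startswith("*.") else host   # wildcard SAN entry
    if registrable(host) in ALLOWLIST:
        return 0, []
    text = host.translate(LOOKALIKES)
    fired = [r for r in rules
             if r.active(seen_at) and any(k in text for k in r.keywords)]
    return min(100, sum(r.weight for r in fired)), [r.name for r in fired]

MARCH_10, JUNE_1 = datetime(2024, 3, 10, tzinfo=UTC), datetime(2024, 6, 1, tzinfo=UTC)
RULES = [  # constructed rules
    Rule("bank-brand", ("examplebank",), 50),
    Rule("payment-terms", ("payment", "gateway", "otp"), 30),
    Rule("refund-campaign", ("refund",), 40,
         datetime(2024, 3, 1, tzinfo=UTC), datetime(2024, 4, 30, tzinfo=UTC)),
]
SAMPLES = [  # constructed (hostname, time first seen in a CT log)
    ("examplebank-payment.example", MARCH_10), ("www.examplebank.test", MARCH_10),
    ("*.p4yment-refund.example", MARCH_10), ("refund-shop.example", JUNE_1),
]

if __name__ == "__main__":
    for host, seen in SAMPLES:
        print(host, *score(host, seen, RULES))
```

The last sample scores zero because the campaign rule's window has closed, which is how a time-limited rule avoids flagging unrelated domains once a lure topic is no longer in use.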