Abstract
Due to the development of E-commerce, phishing attacks are one of the major current cyber threats. Phishing attacks have become increasingly sophisticated and have exploited both individuals and organizations. For the enterprise, a successful duplicate phishing website may affect an organizations reputation or be the basis of a subdomain takeover attack. This latter attack can completely escape the detection of an SSL certificate and have a direct impact on the enterprise. A successful subdomain takeover attack has a higher threat level as a controllable subdomain owns the same SSL certificate with its parent website, and yet it does not require an advanced technical skill to exploit. In this paper, two techniques have been presented as potential solutions. One is a query approach based on machine learning for querying existing subdomains and the second is an auto-detection system to identify the potentially risky subdomains.
Original language | English |
---|---|
Number of pages | 10 |
DOIs | |
Publication status | E-pub ahead of print - 12 Jul 2021 |
Keywords
- Phishing
- Subdomain Enumeration Tools
- Subdomain Takeover Attack
- Subdomain Takeover Detection