Harvesting SSL Certificate Data to Identify Web-Fraud

Web-fraud is one of the most unpleasant features of today's Internet. Two eminent examples of web-fraudulent activities are phishing and typosquatting. Their effects range from relatively benign (such as unwanted or unexpected ads) to downright sinister (especially, when typosquatting is combined with phishing). This paper presents a novel technique to detect web-fraud domains that utilize HTTPS. To achieve this, the authors conduct the first comprehensive study of SSL certificates for legitimate and popular domains, as opposed to those used for web-fraud. Drawing from extensive measurements, they build a classifier that detects malicious domains with high accuracy. They validate the methodology with different data sets collected from the Internet.