Proceedings of the XXth Conference of Open Innovations Association FRUCT (May 2023)
Domain Blacklist Efficacy for Phishing Web-page Detection Over an Extended Time Period
Abstract
Phishing domains and web pages are the most common techniques cybercriminals use and a backbone of social engineering techniques, causing tremendous losses globally. A domain blacklist is one of the oldest techniques used for phishing detection and has been superseded, in practice and in research, by more modern and more accurate techniques. The analysis, conducted on 10 years of phishing data from 2013 to 2022 collected from the PhishTank and PhishStats websites, aimed to calculate and assess the efficacy of a domain blacklist in capturing phishing web pages during this period and in the future. The complete process consisted of data collection and consolidation (merging the data from both sources), data cleansing, and blacklist creation, followed by analysis to calculate and collate the figures and observations. The last step was to review the gathered results and summarize the conclusions. The results show that only a small portion of the phishing domains (≈22%) re-occur and are therefore an eligible target of blacklist detection. This is not a negligible number, though, especially when between ≈6% and ≈62% of the records (from PhishTank) found in the blacklist were previously unclassified. A casual look at more recent trends doesn't provide many supporting arguments in favor of the blacklist as a future-proof technique either. However, the increased use of newly registered domains proves that cybercriminals must tap into the pool of new domains, as current solutions utilizing blacklists effectively eliminate re-used domains.
Keywords