ICACT20230129 Question.1
Questioner: 7022211005@mhs.its.ac.id 2023-02-20 ¿ÀÈÄ 5:40:01 |
ICACT20230129 Answer.1
Answer by Auhor h22001iy@edu.tuis.ac.jp 2023-02-20 ¿ÀÈÄ 5:40:01
Chrome  Click!! |
| Dear authors,
Based on slide 5 states that phishers frequently change domain names and IP addresses of website to avoid detection. Do this research observes this event by DNS graph as long as observed days? Thank you |
Thank you for your question.
Yes, we are currently monitoring the lifecycle of phishing sites, including changes to phishing domains and IPs.
We do this by monitoring the HTTP and HTTPS responses of phishing sites that have already been reported.
However, identifying the next active domain after a phishing site has been shut down is still an area for future work. (See slide 17)
Currently, we rely on reports from the community such as PhishTank, PhishStats, OpenPhish, and the Council of Anti-Phishing Japan. |
ICACT20230129 Question.14
Questioner: m11007503@gapps.ntust.edu.tw 2023-02-20 ¿ÀÈÄ 1:32:10 |
ICACT20230129 Answer.14
Answer by Auhor h22001iy@edu.tuis.ac.jp 2023-02-20 ¿ÀÈÄ 1:32:10
Chrome Click!! |
| Thank you for the explanation about the DNS Analysis. Some of Phishing website recently using redirect link as before showing the phishing website. For the example, if we visit malicious website, it will not automatically display the phishing website, but it will be redirect a few times and finally end up in the phishing website. The question, is the DNS analysis using digital certificates could determine this type of phishing method? because the website using more than one domain site or certificate before showing the phishing website. Thank you. |
Thank you for your question.
In order to analyze phishing sites using the DNS graph method used in this study, the domain must be listed in the CT log and either the domain or its corresponding component domains must be tagged as phishing.
In other words, there's no need to consider whether phishing sites use redirects if they meet the criteria.
On the other hand, if they don't meet these criteria, they are excluded from the analysis in this study because they are not reflected in the DNS graph.
In my opinion, phishing sites that use redirects are not easily distinguishable in the DNS graph due to their use of multiple unrelated domains.
As a future work, I would like to consider analyzing the redirect links on the DNS graph.
Thank you. |
ICACT20230129 Question.2
Questioner: nvlinh@cs.ccu.edu.tw 2023-02-20 ¿ÀÈÄ 5:54:54 |
ICACT20230129 Answer.2
Answer by Auhor h22001iy@edu.tuis.ac.jp 2023-02-20 ¿ÀÈÄ 5:54:54
Chrome Click!! |
| What are your contributions? You may consider comparing the system performance with the other studies |
Thank you for your question.
The main contributions are as follows:
(1) DNS graphs of domain names and IP addresses belonging to HTTPS-enabled phishing websites were constructed and analyzed.
(2) The primary differences between the DNS graphs of benign and phishing websites are the mean number of nodes per component, and that of the average node degree per component.
(3) With regard to the clustering coefficient, few differences were observed between the benign and phishing websites corresponding to components with 10 or more nodes.
For this study, we only conducted analysis and did not compare our results with other methods. We plan to address this as a future work.
Thank you. |
ICACT20230129 Question.3
Questioner: m11007505@mail.ntust.edu.tw 2023-02-20 ¿ÀÈÄ 5:54:01 |
ICACT20230129 Answer.3
Answer by Auhor h22001iy@edu.tuis.ac.jp 2023-02-20 ¿ÀÈÄ 5:54:01
Chrome Click!! |
| Thank you for you presentation! As mentioned, you collect phishing domain records on other sites like PhishTank. I'm curious whether these phishing records can keep up with the update speed of phishing websites in reality, and whether it will affect the detection performance of your system?
Best regards. |
As you mentioned, reporting to the community is slow and cannot keep up with the frequent domain and IP changes of phishing sites.
However, this research has revealed distinctive components of phishing websites.
As a future work, we would like to apply the results of this research to propose a method for detecting unknown phishing sites.
Thank you. |
