Domain phishing detection
Domain phishing detection is an obvious application of PassiveDNS, given the database available. A view should be created in the web GUI to enable searching for phishing domain candidates. A preliminary analysis has already been done. There are several viable algorithms.
- Naive fulltext search is the obvious reference, but may yield a lot of unrelated candidates, especially for generic domain names.
- Algorithms based on Levenshtein distance, especially the Damerau–Levenshtein variant, are generally used for natural language processing and seem to be valid for this exact application.
- Trigram distance is a different approach to the problem, capable of detecting more complex permutations of the original text.
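The three approaches listed above can be compared side by side on a few lookalike labels. The following is an added example, not PassiveDNS code: the watched name, the observed labels, both thresholds and the trigram padding are assumptions made for illustration.

```python
# Added example: constructed labels and thresholds, not PassiveDNS code.
MAX_EDITS = 2        # assumed cut-off for Damerau-Levenshtein distance
MIN_TRIGRAM = 0.3    # assumed cut-off for trigram similarity

def osa_distance(a, b):
    """Damerau-Levenshtein distance (optimal string alignment variant)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]

def trigrams(s):
    padded = "  " + s + " "  # pad so that the start and end of the label count too
    return {padded[i:i + 3] for i in range(len(padded) - 2)}

def trigram_similarity(a, b):
    """Shared trigrams divided by all distinct trigrams (Jaccard index)."""
    ta, tb = trigrams(a), trigrams(b)
    return len(ta & tb) / len(ta | tb)

def flagged_by(watched, label):
    """Names of the methods that report `label` as a candidate for `watched`."""
    hits = []
    if watched in label:
        hits.append("fulltext")
    if osa_distance(watched, label) <= MAX_EDITS:
        hits.append("edit-distance")
    if trigram_similarity(watched, label) >= MIN_TRIGRAM:
        hits.append("trigram")
    return hits

if __name__ == "__main__":
    WATCHED = "examplebank"  # constructed protected name
    OBSERVED = ["exampelbank", "examp1ebank", "examplebank-login",
                "bankexample", "samplebook"]  # constructed observations
    for label in OBSERVED:
        print(f"{label:20} {flagged_by(WATCHED, label)}")
```

Single-character typos are caught by the edit-distance check, the appended suffix by fulltext search, and the reordered label only by trigram similarity.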
Author: Radko Krkoš krkos@cesnet.cz