Detecting Ambiguous Phishing Certificates using Machine Learning

Sajad Homayoun, Kaspar David Hageman, Sam Afzal-Houshmand, Christian D. Jensen, Jens Myrup Pedersen

Research output: Contribution to book/anthology/report/conference proceeding; Article in proceeding; Research; peer-review


Recent phishing attacks have started to migrate to HTTP over TLS (HTTPS), making a phishing web page appear safe to the user's browser despite its malicious purpose. This paper uses features from both digital certificates and domain-related data to propose machine learning-based solutions that predict whether digital certificates involved in HTTPS are phishing or benign certificates. In contrast to previous works that consider this a binary classification problem, we take into account that a certificate can be partially benign and phishy simultaneously. We propose a multi-class classifier and a regressor to classify these ambiguous certificates, in addition to benign and phishing certificates, where the 'phishyness' of a certificate is expressed as a value between 0 and 1 for the regressor. We apply our method to a set of certificates obtained from certificate transparency logs and show that we can classify them with high performance. We extend our validation by evaluating the performance of the model over time, showing that our model generalizes over time on our training data set.

Original language: English
Title of host publication: 2022 International Conference on Information Networking (ICOIN)
Number of pages: 6
Publication date: Jan 2022
ISBN (Print): 978-1-6654-1333-6
ISBN (Electronic): 978-1-6654-1332-9
Publication status: Published - Jan 2022
Event: 2022 International Conference on Information Networking (ICOIN) - Jeju-si, Korea, Republic of
Duration: 12 Jan 2022 to 15 Jan 2022

Conference: 2022 International Conference on Information Networking (ICOIN)
Country/Territory: Korea, Republic of


  • Digital Certificate
  • Feature Extraction
  • Machine Learning
  • Phishing

