Detection of phishing domain names and typosquatting by using a string similarity metric

Malefactors often register phishing domains that are similar to legitimate ones. For this, subtle changes are made to legitimate domain names: rearrangements, replacements, deletions, extra characters, and misspellings. To detect phishing domains, a string similarity metric (the Jaro distance metric, the Levenshtein distance) is proposed. This method enables to simulate attacker actions by creating a list of protected legitimate domain names and generating plenty of pseudo-phishing domains. The speaker will demonstrate how to detect fake websites with high accuracy and identify legitimate domain names.