Money Talks: Detection of Disposable Phishing Websites by Analyzing Its Building Costs.

Websites unfortunately play a powerful role in delivering malicious content to users during cyberattacks. In particular, the threat of phishing websites that tricks users by abusing their corporate and brand names is increasing. Building a website requires infrastructure costs (e.g., domain name fees) and operational costs (e.g., managing server settings). Additionally, many companies spend considerable resources managing their own IT assets and security countermeasures. Even when phishing websites are taken down, attackers persist by scrapping and rebuilding them, as doing so is inexpensive. Notably, there are significant differences in website building costs between companies and attackers. In this study, we propose a method of analyzing the costs incurred in a process of building websites from domain name registration to website deployment to detect phishing websites. We evaluate our method using data from 1,082 large corporate websites and 1,163 phishing websites. As a result, our method achieves a detection performance of 95% precision and 96% recall. In addition, we show that our method still achieves a 95% recall for 866 phishing websites even after six months and the indicator of website building costs is robust to concept drift. We further discuss the applicability of the cost indicator.