Detecting unusual certificates

Published on: 8 May 2024

Primary Category: Cryptography and Security

Paper Authors: Richard Ostertág, Martin Stanek

Key Details

Proposes anomaly detection for certificates with Isolation Forest

Analyzes certificate attributes like subject, extensions, key type/length

Identifies outliers based on unusual quantitative characteristics

Detects misconfigurations and potential problems for investigation

Shows promise when trained on certificates per domain, excluding cloud providers

AI generated summary

The authors propose using the Isolation Forest algorithm to detect anomalous X.509 certificates in Certificate Transparency logs. This unsupervised machine learning method builds random trees to isolate outliers. It identifies certificates that differ significantly from typical ones based on quantitative attributes like subject name length or public key type, without needing to pre-define anomalies. When standards compliance checks are insufficient, it can reveal potential issues needing investigation. The technique seems promising when trained on certificates for specific domains, excluding major cloud providers, which dominate the logs.
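
The isolation idea described above, as an added example that is not code from the paper or its authors: a minimal pure-Python Isolation Forest scoring certificates by how few random splits isolate them. The three features, the sample values and all function names are assumptions constructed for illustration.

```python
import math
import random

# Constructed sample: (subject_length, extension_count, key_bits) per certificate.
# The feature choice is an assumption modelled on the attributes listed above.
CERTS = [(28 + i % 7, 9 + i % 2, 2048 if i % 3 else 256) for i in range(60)]
CERTS.append((212, 3, 512))  # constructed oddity at index 60

def build_tree(rows, rng, depth, max_depth):
    """Split rows on a random feature and threshold until isolated."""
    if depth >= max_depth or len(rows) <= 1:
        return len(rows)  # leaf stores how many rows remain
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return len(rows)
    cut = rng.uniform(lo, hi)
    left = [r for r in rows if r[f] < cut]
    right = [r for r in rows if r[f] >= cut]
    return (f, cut, build_tree(left, rng, depth + 1, max_depth),
            build_tree(right, rng, depth + 1, max_depth))

def c(n):
    """Expected path length of an unsuccessful BST search over n rows."""
    if n <= 1:
        return 0.0
    if n == 2:
        return 1.0
    return 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def path_length(row, node, depth=0):
    if isinstance(node, int):
        return depth + c(node)  # adjust for rows left unsplit in the leaf
    f, cut, left, right = node
    return path_length(row, left if row[f] < cut else right, depth + 1)

def anomaly_scores(rows, trees=200, seed=7):
    """Higher score = isolated after fewer random splits."""
    rng = random.Random(seed)
    sample = min(256, len(rows))
    max_depth = math.ceil(math.log2(sample))
    forest = [build_tree(rng.sample(rows, sample), rng, 0, max_depth)
              for _ in range(trees)]
    return [2 ** (-sum(path_length(r, t) for t in forest) / trees / c(sample))
            for r in rows]

def most_unusual(rows):
    scores = anomaly_scores(rows)
    return max(range(len(rows)), key=scores.__getitem__)
```

A high score marks a certificate as worth a manual look, not as invalid; the 256-bit keys in the sample are common enough that they are not flagged.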
