Published on: 8 May 2024
Primary Category: Cryptography and Security
Paper Authors: Richard Ostertág, Martin Stanek
Proposes anomaly detection for certificates with Isolation Forest
Analyzes certificate attributes like subject, extensions, key type/length
Identifies outliers based on unusual quantitative characteristics
Detects misconfigurations and potential problems for investigation
Shows promise when trained on certificates per domain, excluding cloud providers
Detecting unusual certificates
The authors propose using the Isolation Forest algorithm to detect anomalous X.509 certificates in Certificate Transparency logs. This unsupervised machine learning method builds random trees to isolate outliers. It identifies certificates that differ significantly from typical ones based on quantitative attributes such as subject name length or public key type, without needing anomalies to be defined in advance. Where standards compliance checks are insufficient, it can reveal potential issues that need investigation. The technique seems promising when trained on certificates for specific domains, excluding the major cloud providers, which dominate the logs.
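A minimal pure-Python sketch of the isolation idea summarized above, added here as an illustration; it is not the authors' code. The four features, their numeric encoding, and the sample certificates are constructed assumptions.

```python
import math, random

def c(n):
    """Average path length of an unsuccessful BST search over n points (normalizer)."""
    if n <= 1:
        return 0.0
    return 1.0 if n == 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build_tree(rows, depth, limit, rng):
    """Split on a random feature at a random value until a row is isolated."""
    if depth >= limit or len(rows) <= 1:
        return ("leaf", len(rows))
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return ("leaf", len(rows))
    split = rng.uniform(lo, hi)
    left = [r for r in rows if r[f] < split]
    right = [r for r in rows if r[f] >= split]
    return ("node", f, split, build_tree(left, depth + 1, limit, rng),
            build_tree(right, depth + 1, limit, rng))

def path_length(tree, row, depth=0):
    """Number of splits needed to reach the row's leaf, plus the leaf-size correction."""
    if tree[0] == "leaf":
        return depth + c(tree[1])
    _, f, split, left, right = tree
    return path_length(left if row[f] < split else right, row, depth + 1)

def anomaly_scores(rows, trees=100, sample=256, seed=0):
    """Score in (0, 1]; values near 1 mean the row is isolated after few splits."""
    rng = random.Random(seed)
    n = min(sample, len(rows))
    limit = math.ceil(math.log2(n))
    forest = [build_tree(rng.sample(rows, n), 0, limit, rng) for _ in range(trees)]
    return [2 ** (-sum(path_length(t, r) for t in forest) / (trees * c(n))) for r in rows]

def sample_certificates(seed=1):
    """Constructed data: (subject length, extension count, key type 0=RSA/1=EC, key bits)."""
    rng = random.Random(seed)
    typical = []
    for _ in range(200):
        ec = rng.random() < 0.4
        bits = rng.choice([256, 384]) if ec else rng.choice([2048, 4096])
        typical.append((rng.randint(20, 45), rng.randint(7, 10), int(ec), bits))
    return typical + [(310, 25, 0, 16384)]  # constructed outlier, appended last

if __name__ == "__main__":
    certs = sample_certificates()
    scores = anomaly_scores(certs)
    top = max(range(len(certs)), key=scores.__getitem__)
    print(top, certs[top], round(scores[top], 3))
```

The highest-scoring rows are candidates for manual review, not confirmed problems; a certificate can be unusual and still valid.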