Anomaly Detection in Certificate Transparency Logs
Richard Ostertág, Martin Stanek

TL;DR
This paper introduces an anomaly detection method for X.509 certificates using Isolation Forest, aiming to identify anomalies beyond standard compliance, validated on Certificate Transparency logs.
Contribution
It presents a novel anomaly detection approach for certificates that surpasses traditional compliance testing methods.
Findings
Effective detection of anomalies in certificate logs
Outperforms standard compliance testing in identifying irregularities
Validated on real-world Certificate Transparency data
Abstract
We propose an anomaly detection technique for X.509 certificates utilizing Isolation Forest. This method can be beneficial when compliance testing with X.509 linters proves unsatisfactory, and we seek to identify anomalies beyond standards compliance. The technique is validated on a sample of certificates from Certificate Transparency logs.
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting
