Visible to the public Biblio

Filters: Keyword is Malicious URL  [Clear All Filters]
2023-05-11
Saxena, Aditi, Arora, Akarshi, Saxena, Saumya, Kumar, Ashwni.  2022.  Detection of web attacks using machine learning based URL classification techniques. 2022 2nd International Conference on Intelligent Technologies (CONIT). :1–13.
For a long time, online attacks were regarded to pose a severe threat to web - based applications, websites, and clients. It can bypass authentication methods, steal sensitive information from datasets and clients, and also gain ultimate authority of servers. A variety of ways for safeguarding online apps have been developed and used to deal the website risks. Based on the studies about the intersection of cybersecurity and machine learning, countermeasures for identifying typical web assaults have recently been presented (ML). In order to establish a better understanding on this essential topic, it is necessary to study ML methodologies, feature extraction techniques, evaluate datasets, and performance metrics utilised in a systematic manner. In this paper, we go through web security flaws like SQLi, XSS, malicious URLs, phishing attacks, path traversal, and CMDi in detail. We also go through the existing security methods for detecting these threats using machine learning approaches for URL classification. Finally, we discuss potential research opportunities for ML and DL-based techniques in this category, based on a thorough examination of existing solutions in the literature.
2023-01-20
Fujii, Shota, Kawaguchi, Nobutaka, Kojima, Shoya, Suzuki, Tomoya, Yamauchi, Toshihiro.  2022.  Design and Implementation of System for URL Signature Construction and Impact Assessment. 2022 12th International Congress on Advanced Applied Informatics (IIAI-AAI). :95–100.
The attacker’s server plays an important role in sending attack orders and receiving stolen information, particularly in the more recent cyberattacks. Under these circumstances, it is important to use network-based signatures to block malicious communications in order to reduce the damage. However, in addition to blocking malicious communications, signatures are also required not to block benign communications during normal business operations. Therefore, the generation of signatures requires a high level of understanding of the business, and highly depends on individual skills. In addition, in actual operation, it is necessary to test whether the generated signatures do not interfere with benign communications, which results in high operational costs. In this paper, we propose SIGMA, a system that automatically generates signatures to block malicious communication without interfering with benign communication and then automatically evaluates the impact of the signatures. SIGMA automatically extracts the common parts of malware communication destinations by clustering them and generates multiple candidate signatures. After that, SIGMA automatically calculates the impact on normal communication based on business logs, etc., and presents the final signature to the analyst, which has the highest blockability of malicious communication and non-blockability of normal communication. Our objectives with this system are to reduce the human factor in generating the signatures, reduce the cost of the impact evaluation, and support the decision of whether to apply the signatures. In the preliminary evaluation, we showed that SIGMA can automatically generate a set of signatures that detect 100% of suspicious URLs with an over-detection rate of just 0.87%, using the results of 14,238 malware analyses and actual business logs. This result suggests that the cost for generation of signatures and the evaluation of their impact on business operations can be suppressed, which used to be a time-consuming and human-intensive process.
2022-10-12
Li, Chunzhi.  2021.  A Phishing Detection Method Based on Data Mining. 2021 3rd International Conference on Applied Machine Learning (ICAML). :202—205.
Data mining technology is a very important technology in the current era of data explosion. With the informationization of society and the transparency and openness of information, network security issues have become the focus of concern of people all over the world. This paper wants to compare the accuracy of multiple machine learning methods and two deep learning frameworks when using lexical features to detect and classify malicious URLs. As a result, this paper shows that the Random Forest, which is an ensemble learning method for classification, is superior to 8 other machine learning methods in this paper. Furthermore, the Random Forest is even superior to some popular deep neural network models produced by famous frameworks such as TensorFlow and PyTorch when using lexical features to detect and classify malicious URLs.
2020-12-11
Huang, S., Chuang, T., Huang, S., Ban, T..  2019.  Malicious URL Linkage Analysis and Common Pattern Discovery. 2019 IEEE International Conference on Big Data (Big Data). :3172—3179.

Malicious domain names are consistently changing. It is challenging to keep blacklists of malicious domain names up-to-date because of the time lag between its creation and detection. Even if a website is clean itself, it does not necessarily mean that it won't be used as a pivot point to redirect users to malicious destinations. To address this issue, this paper demonstrates how to use linkage analysis and open-source threat intelligence to visualize the relationship of malicious domain names whilst verifying their categories, i.e., drive-by download, unwanted software etc. Featured by a graph-based model that could present the inter-connectivity of malicious domain names in a dynamic fashion, the proposed approach proved to be helpful for revealing the group patterns of different kinds of malicious domain names. When applied to analyze a blacklisted set of URLs in a real enterprise network, it showed better effectiveness than traditional methods and yielded a clearer view of the common patterns in the data.

2020-04-17
Burgess, Jonah, Carlin, Domhnall, O'Kane, Philip, Sezer, Sakir.  2019.  MANiC: Multi-step Assessment for Crypto-miners. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1—8.

Modern Browsers have become sophisticated applications, providing a portal to the web. Browsers host a complex mix of interpreters such as HTML and JavaScript, allowing not only useful functionality but also malicious activities, known as browser-hijacking. These attacks can be particularly difficult to detect, as they usually operate within the scope of normal browser behaviour. CryptoJacking is a form of browser-hijacking that has emerged as a result of the increased popularity and profitability of cryptocurrencies, and the introduction of new cryptocurrencies that promote CPU-based mining. This paper proposes MANiC (Multi-step AssessmeNt for Crypto-miners), a system to detect CryptoJacking websites. It uses regular expressions that are compiled in accordance with the API structure of different miner families. This allows the detection of crypto-mining scripts and the extraction of parameters that could be used to detect suspicious behaviour associated with CryptoJacking. When MANiC was used to analyse the Alexa top 1m websites, it detected 887 malicious URLs containing miners from 11 different families and demonstrated favourable results when compared to related CryptoJacking research. We demonstrate that MANiC can be used to provide insights into this new threat, to identify new potential features of interest and to establish a ground-truth dataset, assisting future research.

2017-02-27
Li-xiong, Z., Xiao-lin, X., Jia, L., Lu, Z., Xuan-chen, P., Zhi-yuan, M., Li-hong, Z..  2015.  Malicious URL prediction based on community detection. 2015 International Conference on Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC). :1–7.

Traditional Anti-virus technology is primarily based on static analysis and dynamic monitoring. However, both technologies are heavily depended on application files, which increase the risk of being attacked, wasting of time and network bandwidth. In this study, we propose a new graph-based method, through which we can preliminary detect malicious URL without application file. First, the relationship between URLs can be found through the relationship between people and URLs. Then the association rules can be mined with confidence of each frequent URLs. Secondly, the networks of URLs was built through the association rules. When the networks of URLs were finished, we clustered the date with modularity to detect communities and every community represents different types of URLs. We suppose that a URL has association with one community, then the URL is malicious probably. In our experiments, we successfully captured 82 % of malicious samples, getting a higher capture than using traditional methods.