Cyber Threat Intelligence-Based Malicious URL Detection Model Using Ensemble Learning

Ghaleb, Fuad A.; Alsaedi, Mohammed; Saeed, Faisal; Ahmad, Jawad; Alasli, Mohammed

doi:10.3390/s22093373

Cited by 35 publications

(15 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In another study, Alsaedi et al [ 28 ] enhanced the accuracy of identifying harmful Uniform Resource Locators (URLs) by creating a detection model that uses CTI and two-stage ensemble learning. The model utilizes attributes extracted from internet searches and features based on CTI to enhance detection performance.…”

Section: Resultsmentioning

confidence: 99%

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

Cybersecurity is a significant concern for businesses worldwide, as cybercriminals target business data and system resources. Cyber threat intelligence (CTI) enhances organizational cybersecurity resilience by obtaining, processing, evaluating, and disseminating information about potential risks and opportunities inside the cyber domain. This research investigates how companies can employ CTI to improve their precautionary measures against security breaches. The study follows a systematic review methodology, including selecting primary studies based on specific criteria and quality valuation of the selected papers. As a result, a comprehensive framework is proposed for implementing CTI in organizations. The proposed framework is comprised of a knowledge base, detection models, and visualization dashboards. The detection model layer consists of behavior-based, signature-based, and anomaly-based detection. In contrast, the knowledge base layer contains information resources on possible threats, vulnerabilities, and dangers to key assets. The visualization dashboard layer provides an overview of key metrics related to cyber threats, such as an organizational risk meter, the number of attacks detected, types of attacks, and their severity level. This relevant systematic study also provides insight for future studies, such as how organizations can tailor their approach to their needs and resources to facilitate more effective collaboration between stakeholders while navigating legal/regulatory constraints related to information sharing.

show abstract

Section: Resultsmentioning

confidence: 99%

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Alsaedi et al [17] proposed an ensemble model with RF and MLP. RF is used for pre-classification while MLP is used for decision-making.…”

Section: Related Workmentioning

confidence: 99%

Hybrid Approach for Phishing Website Detection Using Classification Algorithms

Raj

Jothi

2022

paradigmplus

View full text Add to dashboard Cite

The internet has significantly altered how we work and interact with one another.Statistics show 63.1 % of the present world population are internet users. This clearly indicates how heavily man is dependent on digital media. Digital media users are on the rise and so is the incidence of cyber crimes. People who lack experience and knowledge are more vulnerable and susceptible to phishing scams.The victims experience severe consequences as their personal credentials are at stake. Phishers use publicly available sources to acquire details about the victim's professional and personal history.Countermeasures must be implemented with the highest priority. Detection of malicious websites can significantly reduce the risk of phishing attempts.In this research, a highly accurate website phishing detection method based on URL features is proposed. We investigated eight existing machine learning classification techniques for this, including extreme gradient boosting (XGBoost), random forest (RF), adaptive boosting (AdaBoost), decision trees (DT), K-nearest neighbors (KNN), support vector machines (SVM), logistic regression and naïve bayes (NB) to detect malicious websites.The results show that XGboost had the best accuracy with a score of 96.71%, followed by random forest and AdaBoost.We further experimented with various hybrid combinations of the top three classifiers and observed that XGboost-Random Forest hybrid algorithms produced the best results.The hybrid model classified the websites as legitimate or phishing with an accuracy of 97.07%.

show abstract

“…Research [9] aims to improve the accuracy of malicious URL detection by designing and developing a malicious URL detection model based on cyber threat analytics using two-stage ensemble learning. Here, a two-stage ensemble learning model combines a random forest (RF) algorithm for pre-classification with a multi-level perceptron (MLP) for the final decision.…”

Section: Related Workmentioning

confidence: 99%

Solving the Problem of Detecting Phishing Websites Using Ensemble Learning Models

Kaibassova

Nurtay

Tau

et al. 2022

sjaitu

View full text Add to dashboard Cite

Due to the popularity of the easiest way to obtain personal information among attackers, phishing detection is becoming a popular area for research aimed at countering the implementation of such attacks. Malicious website detection is essential to prevent the spread of malware and protect end users from victims. Unfortunately, malicious URL detection still needs to be better understood due to a lack of features and inaccurate classification. Possible sources were examined in order to investigate the subject. Based on the collected information from previous studies, this study is devoted to solving the problem of detecting phishing websites using Ensemble Learning. The aim of the work is to choose the most optimal algorithm for classifying phishing websites using gradient boosting algorithms. AdaBoost, CatBoost, and Gradient Boosting Classifier were chosen as Ensemble Learning algorithms and were used to improve the efficiency of classifiers. Practical studies of the parameters of each algorithm for finding the optimal classification model are given. Research and experiments were carried out on a dataset containing information extracted from the contents of a URL: main URL, domain, directory, and file. A thorough Exploratory Data Analysis (EDA) was carried out, as a result of which the main dependencies and patterns of determining phishing resources were identified using correlation analysis. ROC AUC Score was chosen as an evaluation metric for the algorithms. The best result for predicting phishing websites was demonstrated by the AdaBoost Classifier algorithm, with an average ROC AUC score of 99%. The results of the experiments were illustrated in the form of graphs and tables.

show abstract

Cyber Threat Intelligence-Based Malicious URL Detection Model Using Ensemble Learning

Cited by 35 publications

References 38 publications

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Hybrid Approach for Phishing Website Detection Using Classification Algorithms

Solving the Problem of Detecting Phishing Websites Using Ensemble Learning Models

Contact Info

Product

Resources

About