Malicious URL protection based on attackers' habitual behavioral analysis

Kim, Sung-Jin; Kim, Jinkook; Kang, Brent Byunghoon

doi:10.1016/j.cose.2018.01.013

Cited by 35 publications

(24 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The method consists of rolling back the virtual machine to the startup state in response to a trigger event of the virtual machine and loading the page content of the target URL for malicious detection. sung in Kim et al [2] analyzed the attacker's tactical behavior regarding URLs and extracted common features, divided them into three different feature pools to determine the degree of harm of unknown URLs, and used similarity matching techniques to improve the detection rate. This approach covers a large number of malicious URLs with a small set of features and the method only needs to examine the attributes of the URLs.Quan et al [3] proposed a new lexical approach to classify URLs by using machine learning techniques.…”

Section: Current Status Of Domestic and International Researchmentioning

confidence: 99%

See 1 more Smart Citation

Malicious URL Detection Algorithm Based on Multi Neural Network Series

Xiu¹,

Bian²,

Wu³

2021

Preprint

View full text Add to dashboard Cite

Convolutional neural network based on attention mechanism and a bidirectional independent recurrent neural network tandem joint algorithm (CATIR) are proposed. In natural language processing related technologies, word vector features are extracted based on URLs, and the extracted URL information features and host information features are merged. The proposed CATIR algorithm uses CNN (Convolutional Neural Network) to obtain the deep local features in the data, uses the Attention mechanism to adjust the weights, and uses IndRNN (Independent Recurrent Neural Network) to obtain the global features in the data. The experimental results shows that the CATIR algorithm has significantly improved the accuracy of malicious URL detection based on traditional algorithms to 96.9%. Keywords: Malicious URL; CATIR; word vector feature; detection

show abstract

Section: Current Status Of Domestic and International Researchmentioning

confidence: 99%

“…Author details 1 School of information Technology and Engineering, Guangzhou College of Commerce, Guangzhou 510700, Guangdong, People's Republic of China. 2 College of Internet Finance and Information Engineering, Guangdong University of Finance, Guangzhou 510521, Guangdong, People's Republic of China.…”

Section: Availability Of Data and Materialsmentioning

confidence: 99%

Malicious URL Detection Algorithm Based on Multi Neural Network Series

Xiu¹,

Bian²,

Wu³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…To detect Malicious URL that leads to an exploit kit site, Eshete et al [9] and Kim et al [10] leveraged the abnormal behavior of EKs. WebWinnow [11] analyzed workflow of exploit kits and extracted features from their attack-centric and self-defense behavior.…”

Section: Background and Related Work A Exploit Kitsmentioning

confidence: 99%

“…WebWinnow [11] analyzed workflow of exploit kits and extracted features from their attack-centric and self-defense behavior. Kim et al [10] focused on attackers' habitual URL manipulation behavior and then employed similarity matching to classify suspicious URLs that have a similar character array.…”

Section: Background and Related Work A Exploit Kitsmentioning

confidence: 99%

The Image Game: Exploit Kit Detection Based on Recursive Convolutional Neural Networks

2020

Self Cite

View full text Add to dashboard Cite

Malware has been installed through drive-by downloads via exploit kit attacks. However, the prior signature-or dynamic-based detection approach to the continuously increasing number of suspicious samples is time-consuming. In such circumstances, convolutional neural networks (ConvNets) can help in rapid detection owing to their direct image-feature generation using exploit codes. However, the general ConvNet model entails the vanishing gradient problem, where the features used for a deep learning-based detection method will become less effective as the network is deepened to improve detection accuracy. In this paper, we propose a multiclass ConvNet model to classify exploit kits, where we adopt various image processing techniques and adjust the size and other parameters of images. The proposed ConvNet model recursively updates images and is designed for fully preserving image properties. This model updates the output of feature maps and pooling using an original image. This model was tested using 36,863 real-world datasets, achieving a 98.2% accuracy in exploit kit detection and family classification. Most importantly, the proposed model is 38 times faster than previous machine learning models, and training time is reduced by 77.8% when compared with prior well-known ConvNet models. INDEX TERMS Exploit kit, image processing, ConvNet, image classification.

show abstract

“…The method consists of rolling back the virtual machine to the startup state in response to a trigger event of the virtual machine and loading the page content of the target URL for malicious detection. sung in Kim et al [2] analyzed the malicious URL protection of attackers' behavior habits, extracted common features, and put them in three different function pools to determine the harm degree of unknown URL, and used similarity matching techniques to improve the detection rate. The method covers a large number of malicious URLs with a small feature set, and only needs to check the properties of the URL.…”

Section: Introductionmentioning

confidence: 99%