Malicious URL protection based on attackers' habitual behavioral analysis
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Kim, Sungjin | ko |
| dc.contributor.author | Kim, Jinbok | ko |
| dc.contributor.author | Kang, Brent Byunghoon | ko |
| dc.date.accessioned | 2018-10-19T00:50:36Z | - |
| dc.date.available | 2018-10-19T00:50:36Z | - |
| dc.date.created | 2018-02-24 | - |
| dc.date.created | 2018-02-24 | - |
| dc.date.created | 2018-02-24 | - |
| dc.date.issued | 2018-08 | - |
| dc.identifier.citation | COMPUTERS & SECURITY, v.77, pp.790 - 806 | - |
| dc.identifier.issn | 0167-4048 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/246179 | - |
| dc.description.abstract | In terms of URL-based features, some studies have classified malicious URLs into a group with the same attributes. However, the malicious URLs are of two different types, each of which produces entirely different results. Thus, depending on their intention, adversaries leave slightly different behavioral traces within the malicious URLs. This paper presents an in-depth empirical study conducted based on 1,529,433 malicious URLs collected over the past two years. In particular, we analyze attackers' tactical behavior regarding URLs and extract common features. We then divide them into three different feature pools to determine the level of compromise of unknown URLs. To leverage detection rates, we employ a similarity matching technique. We believe that new URLs can be identified through attackers' habitual URL manipulation behaviors. This approach covers a large set of malicious URLs with small feature sets. The accuracy of the proposed approach (up to 70%) is reasonable and the approach requires only the attributes of URLs to be examined. This model can be utilized during preprocessing to determine whether input URLs are benign, and as a web filter or a risk-level scaler to estimate whether a URL is malicious. | - |
| dc.language | English | - |
| dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
| dc.title | Malicious URL protection based on attackers' habitual behavioral analysis | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000447358600049 | - |
| dc.identifier.scopusid | 2-s2.0-85041677169 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 77 | - |
| dc.citation.beginningpage | 790 | - |
| dc.citation.endingpage | 806 | - |
| dc.citation.publicationname | COMPUTERS & SECURITY | - |
| dc.identifier.doi | 10.1016/j.cose.2018.01.013 | - |
| dc.contributor.localauthor | Kang, Brent Byunghoon | - |
| dc.contributor.nonIdAuthor | Kim, Jinbok | - |
| dc.description.isOpenAccess | N | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Behaviors | - |
| dc.subject.keywordAuthor | Fuzzy | - |
| dc.subject.keywordAuthor | Malicious URL | - |
| dc.subject.keywordAuthor | Similarity matching | - |
| dc.subject.keywordAuthor | Web-filtering | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 17 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.