Secure Real-Time Computational Intelligence System Against Malicious QR Code Links

Abstract

Web attackers aim to propagate malicious links using various techniques to deceive users. They attempt to control victims’ devices or obtain their passwords remotely, thereby acquiring access to bank accounts, financial transactions, or private and sensitive information they trade via the Internet. QR codes are accessible, free, easy to use, and can be scanned through several free apps on smartphones. As there is no standard structure or authentication phase in QR code generation, such codes are vulnerable to suspicious online content embedding, i.e., phishing, Cross-Site Scripting (XSS), and malware. Many studies have highlighted the attacks that may be perpetrated using barcodes, and there are some security countermeasures. Several of these solutions are limited to malicious link detection methods or require knowledge of cryptographic techniques. This study’s main objective is to detect malicious URLs embedded in QR codes. A dataset of 90 000 benign and malicious URLs was collected from various resources, and their lexical properties were extracted. Two computational intelligence models, fuzzy logic and multilayer perceptron artificial neural network (MLP-ANN), were applied and compared. An MLP-ANN was identified as the best classifier for detecting malicious URLs, and a proactive, secure, real-time computational intelligence barcode scanner implementation (BarCI ) against malicious QR code links was proposed based on this classifier. The results demonstrate that this approach enables efficient real-time attack detection with 82.9% accuracy