Malicious Uniform Resource Locator Research Articles

Real-time phishing detection using deep learning methods by extensions

Phishing is an attack method that relies on a user’s insufficient vigilance and understanding of the internet. For example, an attacker creates an online transaction website and tricks users into logging into the fake website to steal their personal information, such as credit card numbers, email addresses, phone numbers, and physical addresses. This paper proposes implementing an extension to prevent phishing for internet users. In particular, this study develops a smart warning feature for the proposed extension using deep learning models. The proposed extension installed in the web browser protects users by checking for, warning about, and preventing untrusted connections. This study evaluated and compared the performance of machine learning models using a malicious uniform resource locator (URL) dataset containing 651,191 data samples. The results of the investigation confirm that the proposed extension using a convolutional neural network (CNN) achieved a high accuracy of 98.4%.

Detection of Malicious URLs using Machine Learning based on Lexical Features

As the digital world evolves, the risk of valuable information being exposed to unauthorized parties is increasing. One common vulnerability is the use of malicious Uniform Resource Locator (URL), which are fraudulent links spread across various platforms such as social media and emails. Traditional methods of identifying these URLs, such as blacklisting and heuristic search, rely heavily on syntax or keyword matching, but struggle to keep up with the evolving tactics of cyber attackers. Hence, this paper proposes a solution for detecting malicious URLs and their types based on lexical features. Lexical features in a URL refer to the components that convey semantic and lexical meaning. These can include domain names, path lengths, special characters, and other elements that can be analyzed for patterns or anomalies. In our proposed method, we use 23 different lexical features that focus on the semantic and lexical meaning of the URLs. An Exploratory Data Analysis (EDA) is used to filter the most important lexical features that effectively contribute to predictions. With these carefully curated features, we address the problem as a multi-classification task, aiming to assess the performance of three distinct classifiers: Random Forest, which currently stands as the domain's best solution and a pure bagging technique, as well as XG Boost and Light GBM, both of which utilize boosting techniques. With the proposed method, we could achieve over 93\% accuracy for all the three classifiers while Random Forest achieving the best performance.

A hybrid deep learning technique for spoofing website URL detection in real-time applications

Website Uniform Resource Locator (URL) spoofing remains one of the ways of perpetrating phishing attacks in the twenty-first century. Hackers continue to employ URL spoofing to deceive naïve and unsuspecting consumers into releasing important personal details in malicious websites. Blacklists and rule-based filters that were once effective at reducing the risks and sophistication of phishing are no longer effective as there are over 1.5 million new phishing websites created monthly. Therefore, research aimed at unveiling new techniques for detecting phishing websites has sparked a lot of interest in both academics and business with machine and deep learning techniques being at the forefront. Among the deep learning techniques that have been employed, Convolutional Neural Network (CNN) remains one of the most widely used with high performance in feature learning. However, CNN has a problem of memorizing contextual relationships in URL text, which makes it challenging to efficiently detect sophisticated malicious URLs in real-time applications. On the contrary, Long Short-Term Memory (LSTM) deep learning model has been successfully employed in complex real-time problems because of its ability to store inputs for a long period of time. This study experiments with the use of hybrid CNN and LSTM deep learning models for spoofing website URL detection in order to exploit the combined strengths of the two approaches for a more sophisticated spoofing URL detection. Two publicly available datasets (UCL spoofing Website and PhishTank Datasets) were used to evaluate the performance of the proposed hybrid model against other models in the literature. The hybrid CNN-LSTM model achieved accuracies of 98.9% and 96.8%, respectively, when evaluated using the UCL and PhishTank datasets. On the other hand, the standalone CNN and LSTM achieved accuracies of 90.4% and 94.6% on the UCL dataset, while their accuracies on the PhishTank dataset were 89.3% and 92.6%, respectively. The results show that the hybrid CNN-LSTM algorithm largely outperformed the standalone CNN and LSTM models, which demonstrates a much better performance. Therefore, the hybrid deep learning technique is recommended for detecting spoofing website URL thereby reducing losses attributed to such attacks.

URL filtering using machine learning algorithms

ABSTRACT Cyber-attacks using malicious uniform resource locator (URL) propagation are very common and serious. Statistics indicate that there is a need to research and apply techniques and methods for identifying and preventing malicious URLs. The main objective of this research is to train machine learning models on selected dataset to predict phishing websites based on URL-related features. The accuracy level of each model is measured and compared. Finally, the best performing model will be used to develop a web application that provide internet users with an easy way to check suspicious URLs. We have used five different machine learning models to classify URLs as legitimate or phishing, these models are eXtreme Gradient Boosting (XGBoost), k-nearest neighbors (KNN), support vector machine (SVM), Decision Tree, and Random Forest. Finally, we used Voting Classifier to combine the work of Random Forest (RF) algorithm with other two models, Gaussian Naive Bayes, and Logistic Regression, to check if we can increase the accuracy of RF as suggested in the literature, but we found that the accuracy of RF alone was higher than the accuracy of the combined models. This project can be implemented as a browser extension or mobile application to classify suspicious URLs to legitimate or phishing with the use of the saved model.

An Assessment of Lexical, Network, and Content-Based Features for Detecting Malicious URLs Using Machine Learning and Deep Learning Models.

The World Wide Web services are essential in our daily lives and are available to communities through Uniform Resource Locator (URL). Attackers utilize such means of communication and create malicious URLs to conduct fraudulent activities and deceive others by creating deceptive and misleading websites and domains. Such threats open the doors for many critical attacks such as spams, spyware, phishing, and malware. Therefore, detecting malicious URL is crucially important to prevent the occurrence of many cybercriminal activities. In this study, we examined a set of machine learning (ML) and deep learning (DL) models to detect malicious websites using a dataset comprising 66,506 records of URLs. We engineered three different types of features including lexical-based, network-based and content-based features. To extract the most discriminative features in the dataset, we applied several features selection algorithms, namely, correlation analysis, Analysis of Variance (ANOVA), and chi-square. Finally, we conducted a comparative performance evaluation for several ML and DL models considering set of criteria commonly used to evaluate such models. Results depicted that Naïve Bayes (NB) was the best model for detecting malicious URLs using the applied data with an accuracy of 96%. This research has made contribution to the field by conducting significant features engineering and analysis to identify the best features for malicious URLs predictions, compare different models and achieve a high accuracy using a large new URL dataset.

Machine Learning System for Malicious Website Detection using Concept Drift Detection

Abstract: The rampant increase in the number of available cyber attack vectors and the frequency of cyber attacks necessitates the implementation of robust cybersecuritysystems. Malicious websites are a significant threat to cybersecurity. Miscreants and hackers use malicious websites for illegal activities such as disrupting the functioning of the systems by implanting malware, gaining unauthorized access to systems, or illegally collecting personal information. We propose and implement an approach for classifying malicious and benign websites given their Uniform Resource Locator(URL) as input. Using the URL provided by the user, we collect Lexical, Host-Based, and Content-Based features for the website. These features are fed into a supervised Machine Learning algorithm as input that classifies the URL as malicious or benign. The models are trained on a dataset consisting of multiple malicious and benign URLs. We have evaluated the accuracy of classification for Random forests, Gradient Boosted Decision Trees and Deep Neural Network classifiers. One loophole in the use of Machine learning for detection is the availability of the same training data to the attackers. This data is exploited by the miscreants to alter the features associated with the Malicious URLs, which will be classified as benign by the supervised learning algorithms. Further, owing to the dynamic nature of the malicious websites, we also propose a paradigm for detecting and countering these manually induced concept drifts. IndexTerms—URL Feature Extraction, Malicious Website Detection, Concept Drifts, Feature Vectors, Gradient Boosted Trees, Random Forest, Feedforward Neural Networks Keywords: (cyber attack, URL, Supervised machine learning, DNN, extraction)

A Novel Approach for Malicious URL Detection Based on the Joint Model

The number of malicious websites is increasing yearly, and many companies and individuals worldwide have suffered losses. Therefore, the detection of malicious websites is a task that needs continuous development. In this study, a joint neural network algorithm model combining the attention mechanism, bidirectional independent recurrent neural network (Bi-IndRNN), and capsule network (CapsNet) is proposed. The word vector tool word2vec trains the character- and word-level uniform resource locator (URL) static embedding vector features. At the same time, the algorithm will also extract texture fingerprint features that can compare the content differences of different malicious web URL binary files. Then, the extracted features are fused and input into the joint neural network algorithm model. First, the multihead attention mechanism is used to extract contextual semantic features by adjusting weights and Bi-IndRNN. Second, CapsNet with dynamic routing is used to extract deep semantic information. Finally, the sigmoid classifier is used for classification. This study uses different methods from different angles to extract more comprehensive features. From the experimental results, the method proposed in this study improves the classification accuracy of malicious web page detection compared with other researchers.

Detecting phishing websites using machine learning technique.

In recent years, advancements in Internet and cloud technologies have led to a significant increase in electronic trading in which consumers make online purchases and transactions. This growth leads to unauthorized access to users’ sensitive information and damages the resources of an enterprise. Phishing is one of the familiar attacks that trick users to access malicious content and gain their information. In terms of website interface and uniform resource locator (URL), most phishing webpages look identical to the actual webpages. Various strategies for detecting phishing websites, such as blacklist, heuristic, Etc., have been suggested. However, due to inefficient security technologies, there is an exponential increase in the number of victims. The anonymous and uncontrollable framework of the Internet is more vulnerable to phishing attacks. Existing research works show that the performance of the phishing detection system is limited. There is a demand for an intelligent technique to protect users from the cyber-attacks. In this study, the author proposed a URL detection technique based on machine learning approaches. A recurrent neural network method is employed to detect phishing URL. Researcher evaluated the proposed method with 7900 malicious and 5800 legitimate sites, respectively. The experiments’ outcome shows that the proposed method’s performance is better than the recent approaches in malicious URL detection.

To click or not to click the link: the factors influencing internet banking users’ intention in responding to phishing emails

PurposeDespite internet banking’s popularity, there is a rise in phishing attacks related to online banking transactions. Phishing attacks involved the process of sending out electronic mails impersonating the valid banking institutions to their customers and demanding confidential data such as credential and transaction authorisation code. The purpose of this paper is to propose a theoretical model of individual and technological factors influencing Malaysian internet banking users’ intention in responding to malicious uniform resource locator (URL) in phishing email content.Design/methodology/approachIt applied the protective motivation theory, the theories of reasoned action and planned behaviour, the habit theory and the trust theory to examine the factors influencing internet banking users’ intention to click URLs in phishing emails. The study identifies individual and technological factors with ten hypotheses. A total of 368 Malaysian respondents voluntarily participated in an online survey conducted in the first week of March 2021. The partial least squares method provided in SmartPLS-3 was used to model the data.FindingsThe results revealed that individual factors, namely, internet banking experience, understanding the phishing meaning, response cost, trust and perceived ability were the significant influencing factors of internet banking users’ intention to click the link in phishing emails. This study also suggested that technological factors were not relevant in describing the behavioural intention of internet banking users in clicking the links in phishing emails.Social implicationsThe findings could contribute to Malaysian banking sectors and relevant government agencies in educating and increasing internet banking users’ awareness towards phishing emails.Originality/valueThe outcomes demonstrated the individual factors that influenced internet banking users’ intention in responding to phishing emails that are specific and relevant to Malaysia’s context.

Malicious URL Detection Based on Improved Multilayer Recurrent Convolutional Neural Network Model

The traditional malicious uniform resource locator (URL) detection method excessively relies on the matching rules formulated by the network security personnel, which is hard to fully express the text information of the URL. Thus, an improved multilayer recurrent convolutional neural network model based on the YOLO algorithm is proposed to detect malicious URL in this paper. First, single characters are mapped to dense vectors using word embedding, and the dense vectors are participated in the training process of the whole model according to the structural characteristics of the URL in the method. Then, the CSPDarknet neural network model based on the improved YOLO algorithm is proposed to extract features of the URL. Finally, the extracted features are used to evaluate malicious URL by the bidirectional LSTM recurrent neural network algorithm. In order to verify the validity of the algorithm, a total of 200,000 URLs are collected, including 100,000 normal URLs labeled “good” and 100,000 malicious URLs labeled “bad”. The experimental results show that the method detects malicious URLs more quickly and effectively and has high accuracy, high recall rate, and high accuracy compared with Text-RCNN, BRNN, and other models.

Malicious URL Detection Based on a Parallel Neural Joint Model

A parallel neural joint model algorithm is proposed for the analysis and detection of malicious Uniform Resource Locator (URL). By detecting and analyzing malicious URL's characteristics, the semantic and visual information will be extracted. First, a visualization algorithm is used to realize the visualization of the URL mapping to a gray image with texture characteristics. Second, the lexical feature and character feature of URL are extracted and further processed through word vector technology. These extracted features are transformed into lexical embedding vectors and character embedding vectors. To combine the texture features with text features, a parallel joint neural network combining capsule network (CapsNet) and independent recurrent neural network (IndRNN) is utilized to capture multi-modal vectors of visual and semantic information synchronously. The last layer utilizes the attention mechanism to further filter the deep features extracted from the overall network while concentrating on effective features improving the classification accuracy and analyzing and detect malicious URLs. Based on the experimental results, it is demonstrated that this algorithm has higher accuracy compared to the traditional algorithms.

Detecting malicious URLs using binary classification through adaboost algorithm

Malicious Uniform Resource Locator (URL) is a frequent and severe menace to cybersecurity. Malicious URLs are used to extract unsolicited information and trick inexperienced end users as a sufferer of scams and create losses of billions of money each year. It is crucial to identify and appropriately respond to such URLs. Usually, this discovery is made by the practice and use of blacklists in the cyber world. However, blacklists cannot be exhaustive, and cannot recognize zero-day malicious URLs. So to increase the observation of malicious URL indicators, machine learning procedures should be incorporated. This study aims to discuss the exposure of malicious URLs as a binary classification problem using machine learning through an AdaBoost algorithm.

URL Scrutiny to Circumvent Phishing

Increasing the number of cyber-crimes and frauds it has become the need of hour to seriously consider the threat and make some solid security arrangement against it. The links or Uniform Resource locator (URL) can be classified as benign, spam or malicious thus informing the user beforehand about its safety. As emails are hook to attach malicious URL, luring to catch the users. Malicious URL are the most common tool used in breaking identity and attacking either the system database or some financial frauds. Instead of focusing the source of such links if the rigorous testing on various attributes is performed on the URL itself using Random forest algorithm for threat detection and Support Vector Machine (SVM) to consider even the extreme cases is expected to improve the coverage and thus can provide the system user with high level security from counterfeited URL.

A Deep-Learning-Driven Light-Weight Phishing Detection Sensor.

This paper designs an accurate and low-cost phishing detection sensor by exploring deep learning techniques. Phishing is a very common social engineering technique. The attackers try to deceive online users by mimicking a uniform resource locator (URL) and a webpage. Traditionally, phishing detection is largely based on manual reports from users. Machine learning techniques have recently been introduced for phishing detection. With the recent rapid development of deep learning techniques, many deep-learning-based recognition methods have also been explored to improve classification performance. This paper proposes a light-weight deep learning algorithm to detect the malicious URLs and enable a real-time and energy-saving phishing detection sensor. Experimental tests and comparisons have been conducted to verify the efficacy of the proposed method. According to the experiments, the true detection rate has been improved. This paper has also verified that the proposed method can run in an energy-saving embedded single board computer in real-time.

A Joint Approach to Detect Malicious URL Based on Attention Mechanism

To improve the accuracy and automation of malware Uniform Resource Locator (URL) recognition, a joint approach of Convolutional neural network (CNN) and Long-short term memory (LSTM) based on the Attention mechanism (JCLA) is proposed to identify and detect malicious URL. Firstly, the URL features including texture information, lexical information and host information are extracted and filtered, and pre-processed with encode. Then, the feature matrix more relevant to the output are chose according to the weight of the attention mechanism and input to the constructed parallel processing model called CNN_LSTM, combinating CNN and LSTM to get local features. Next, the extracted local features are merged to calculate the global features of the URLs to be detected. Finally, the URLs are classified by the SoftMax classifier using global features, the accuracy of the model in malicious URL recgonition is 98.26%. The experimental results show that the JCLA model proposed in this paper is better than the traditional deep learning model or CNN_LSTM combined model for detecting malicious URLs.

Detection of Malicious uniform Resource Locator

With the growing use of internet across the world ,the threats posed by it are numerous. The information you get and share across the internet is accessible, can be tracked and modified. Malicious websites play a pivotal role in effecting your system. These websites reach users through emails, text messages, pop ups or devious advertisements. The outcome of these websites or Uniform Resource Locators (URLs) would often be a downloaded malware, spyware, ransomware and compromised accounts. A malicious website or URL requires action on the users side, however in the case of drive by only downloads, the website will attempt to install software on the computer without asking users permission first. We put forward a model to forecast a URL is malicious or benign, based on the application layer and network characteristics. Machine learning algorithms for classification are used to develop a classifier using the targeted dataset. The targeted dataset is divided into training and validation sets. These sets are used to train and validate the classifier model. The hyper parameters are tuned to refine the model and generate better results.

Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification

Malicious domain names usually refer to a series of illegal activities, posing threats to people's privacy and property. Therefore, the problem of detecting malicious domain names has aroused widespread concerns. In this study, a malicious domain names detection algorithm based on lexical analysis and feature quantification is proposed. To achieve efficient and accurate detection, the method includes two phases. The first phase checks an observed domain name against a blacklist of known malicious uniform resource locator (URLs). The observed domain name is classified as being definitely malicious or potentially malicious based on its edit distances to the domain names on the blacklist. The second phase further evaluates a potential malicious domain name by its reputation value that represents its lexical feature and is calculated based on an N-gram model. The top 100,000 normal domain names in Alexa are used to obtain a whitelist substring set using the N-gram method in which each domain name excluding the top-level domain is segmented into substrings with the length of 3, 4, 5, 6 and 7. The weighted values of the substrings are calculated according to their occurrence counts in the whitelist substring set. A potential malicious domain name is segmented by the N-gram method and its reputation value is calculated based on the weighted values of its substrings. Finally, the potential malicious domain name is determined to be malicious or normal based on its reputation value. The effectiveness of the proposed detection method has been demonstrated by experiments on public available data.

Deep belief network based detection and categorization of malicious URLs

ABSTRACTThe Internet, web consumers and computing systems have become more vulnerable to cyber-attacks. Malicious uniform resource locator (URL) is a prominent cyber-attack broadly used with the intention of data, money or personal information stealing. Malicious URLs comprise phishing URLs, spamming URLs, and malware URLs. Detection of malicious URL and identification of their attack type are important to thwart such attacks and to adopt required countermeasures. The proposed methodology for detection and categorization of malicious URLs uses stacked restricted Boltzmann machine for feature selection with deep neural network for binary classification. For multiple classes, IBK-kNN, Binary Relevance, and Label Powerset with SVM are used for classification. The approach is tested with 27700 URL samples and the results demonstrate that the deep learning-based feature selection and classification techniques are able to quickly train the network and detect with reduced false positives.

A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate.

Defense against malicious URL spreading in micro‐blog network with hub nodes

SummaryThe micro‐blog network is one of the most popular social networking platforms. By calculating the degree centrality, we found that hub nodes play an important role in micro‐blog networks, which is the main power of message forwarding. To improve the security of the micro‐blog network, we proposed a defending scheme against malicious Uniform Resource Locator (URL) diffusing in micro‐blog networks with hub nodes. After a node found a new malicious URL, it will edit a warning massage about the malicious URL. If the normal node obtains malicious URL warning message, it will send private message with the warning message to the hub node and update its blog article. The malicious URL warning messages spread rapidly in the whole networks in a short period because of the influence of Hub nodes. At the same time, we add the comparison mechanism to reduce the redundancy of spreading the warning message in the networks. So the security of entire micro‐blog networks can be improved against malicious URL without increasing the network load. Experiments show that our scheme can effectively defend against the malicious URL in the any scale of micro‐blog networks. Copyright © 2016 John Wiley & Sons, Ltd.