URL Shortening Research Articles

Phishing Site Detection Classification Model Using Machine Learning Approach

Phishing has been a cybercrime that has existed for a long time, and there are still many people who are victims of this attack. This research attempts to prevent phishing by extracting the attributes found on phishing websites. This study uses a hybrid method by combining allowlist and denylist as part of a classification system. This research utilizes 18 features to identify a phishing site in terms of address bar, abnormal request, and source code (HTML and JavaScript). Where in each feature the author determines the benchmark. This study validates the status code and detects 52 URL shortening service domains and then evaluates these abnormalities with a binary classification system. Algorithms that have good results are Decision Tree and K Nearest Neighbor (KNN). After evaluating the performance of the algorithm in terms of Precision, Recall, and F-Measure. As a result, the Decision Tree algorithm has the highest accuracy of 97.62% and the fastest computation time of 0.00894 seconds. So that the Decision Tree is superior in terms of accuracy and computation time in detecting phishing URLs.

Digital fingerprinting for identifying malicious collusive groups on Twitter

Abstract Propagation of malicious code on online social networks (OSNs) is often a coordinated effort by collusive groups of malicious actors hiding behind multiple online identities (or digital personas). Increased interaction in OSN has made them reliable for the efficient orchestration of cyberattacks such as phishing click bait and drive-by downloads. URL shortening enables obfuscation of such links to malicious websites and massive interaction with such embedded malicious links in OSN guarantees maximum reach. These malicious links lure users to malicious endpoints where attackers can exploit system vulnerabilities. Identifying the organized groups colluding to spread malware is non-trivial owing to the fluidity and anonymity of criminal digital personas on OSN. This paper proposes a methodology for identifying such organized groups of criminal actors working together to spread malicious links on OSN. Our approach focuses on understanding malicious users as ‘digital criminal personas’ and characteristics of their online existence. We first identify those users engaged in propagating malicious links on OSN platforms, and further develop a methodology to create a digital fingerprint for each malicious OSN account/digital persona. We create similarity clusters of malicious actors based on these unique digital fingerprints to establish ‘collusive’ behaviour. We evaluate the ability of a cluster-based approach on OSN digital fingerprinting to identify collusive behaviour in OSN by estimating within-cluster similarity measures and testing it on a ground-truth dataset of five known colluding groups on Twitter. Our results show that our digital fingerprints can identify 90% of cyber personas engaged in collusive behaviour and 75% of collusion in a given sample set.

Comparative analysis of URL shortening algorithms: Рerformance considerations in the application domain оf web search and information retrieval technology

This article provides an in-depth overview and comparative analysis of URL shortening algorithms, with a focus on their performance and security. URL shortening is an important tool for creating concise versions of long URLs, particularly in platforms with character limitations. However, the increasing prevalence of cyber threats has raised concerns regarding the security of URL shortening. The paper examines a range of URL shortening algorithms, including Hash-based and Randomized algorithms, and compares their effectiveness based on factors such as URL length, randomness, and resistance to brute-force attacks. In addition, the article explores the security risks involved in URL shortening and suggests strategies for mitigating them. The paper also includes a performance analysis of different URL shortening algorithms, considering the time required to generate a shortened URL and redirect the user to the original URL. Finally, the article discusses the challenges of evaluating URL shortening algorithms and outlines potential avenues for future research in this area.

Analyzing temporal graphs of malware distribution networks

This research provides temporal insight on network topological structures, as well as transitional properties and malware attribution of malware distribution networks. This is accomplished with a temporal-based data set created using a novel data fusion of publicly-available data sources. We developed and used a crawler, along with public APIs, to collect publicly-available data of malicious top-level domains and relevant hosted malware from Google Safe Browsing and VirusTotal for an eight-month period between 19 January and 25 September of 2017. We then combined these data sources, which revealed new insight on fully qualified domain name topological network structure properties and temporal transitions not appreciable from the individual data sources. We have provided the technical details of our novel data fusion approach to GSB and VT static data. The result of this data fusion was the creation of new observable knowledge, primarily temporal-based structural changes and malware attribution within the distribution network, which is not available by analyzing the static data of GSB and VT in isolation. Data revealing details of malware-hosting on a domain brought to light topological structures of fully-qualified domain names involved in the distribution of malicious files. Our insights include: 1) malware distribution networks form clusters that follow the Power law, 2) network structure components such as bridges and hubs (both concepts presented and defined in this paper), and URL shortening providers serve significant roles in malware distribution dynamics, 3) persistence of fully-qualified domain names in malware distribution is random and often used only once to host malware, 4) a large number of unique, downloaded malicious files hosted on various nodes in a malware distribution network were found to belong to a much smaller set of malware families. These observed insights revealed continued persistence of surrounding topological structures. These topological structures were streaming malicious data flows to fully-qualified domain names identified as actively hosting malware before and after the date of identification. The insights further suggest large topological structures with data flow distributing malware persist over time with small sub-structural changes. We have provided suggestions on preventing sustained malicious data flows based on our temporal observations of bridge and hub structures. Individual persistent fully-qualified domain names within these large structures repeatedly served as either a source or an intermediate node of malicious data flows. This implies that the continued monitoring of data flows can serve to alert early-stage malware distribution.

A URL Shortening Service by Using Flask Framework Based on Base-62 Algorithm

In this paper, we have shown the importance of URL shortening at the time of sharing on various platforms. URLs appear to be long, unattractive, on most of the social platforms. They often get broken when shared on social media platforms like e-mail and short URLs can come in handy during these times. To shorten an Internet Long URL, we proposed a URL shortening service that will take a long Web URL/address and creates a shorter URL that will not break when we share on different platforms and make them more manageable by using flask framework base62 algorithm. In this paper, we have also provided a way that helps during digital marketing, social campaigning, and posting by giving the stats of the number of clicks made to the shortened URL as it shows the number of people interested in clicking the URL.

Understanding Security Risks of Ad-based URL Shortening Services Caused by Users' Behaviors

URL shortening services enable us to shorten or simplify URLs. Ad-based URL shortening services display advertisements to users who access short URLs and reward short URL creators. However, ad-based URL shortening services have specific security risks that URL shortening services without ads do not, such as displaying malicious advertisements to users. In this study, we reveal previously unknown security risks of these services caused by users' behaviors. We conducted a comprehensive measurement of ad-based URL shortening services. First, we accessed short URLs of these services, clicked buttons on the web pages, and reached the final destinations of the short URLs. Then, we reveal the security risks posed to users by monitoring and analyzing traffic logs when such short URLs are accessed. We found that all services generated an average of 86.5 web requests to malicious domain names per short URL. We then showed the security risk of unintentionally communicating malicious domain names even when users click only on buttons that correctly move users to their desired destinations. Finally, we discuss countermeasures to mitigate these risks from the perspective of each stakeholder in ad-based URL shortening services.

Proposing a Secure URL Shortening Service by using Blackboard Architecture

URLs can get long, unattractive, and break when sent via e-mail. To shorten an Internet address, we proposed a secure URL shortening service which will take a long Web address and create a shorter address that will not break in an e-mail posting by using the Blackboard architecture. Security is considered in the proposed service to prevent hacking because shortened links may stop working or requests can be redirected to advertising websites and/or websites containing malware. The Blackboard is updated continuously by KS and it holds all the data concerning the URL shortening by storing all the intermediate solutions until the final solution of the problem of URL shortening is found. The knowledge sources that are proposed in the Blackboard system include: (URL Validation, URL Statistics, and Secure URL shortening).As a result the proposed secure URL shortening service will give the user more trust to use the service with security, availability, and confidentiality consideration as compared to the available used services.

2014 not found: a cross-platform approach to retrospective web archiving

While web archiving techniques capture snapshots of websites in real time, this article introduces an approach for building special collections for web archiving in retrospect. Retrospective web archiving (RWA) aims to fill-in gaps in existing archives, as well as to expand the boundaries of web archiving from the open web to cross-platform curation, and from national to international perspectives. The proposed approach is tested on a case study of the 2014 War in Gaza. The retrospective collection contains 118,508 unique URIs and relevant metadata, carbon-dated to the period of the military operation, in 46 languages and 5692 domain suffixes, collected from Wikipedia, Google, Twitter and YouTube. Findings suggest that four years after the war, 50% of the URIs were still available on the live web, but only 38% of them have already been archived elsewhere. Although URL sharing on social media was found the most relevant for retrospective curation, the platformisation of the web, along with the popularity of URL shortening services, severely impacts their archival coverage. The article suggests taking into account platform dynamics and cultural differences in link sharing practices, when thinking about future curation policies for both real time and RWA.

Bit.ly/practice: Uncovering content publishing and sharing through URL shortening services

It becomes the norm for people to share online content such as images, videos, and news over various channels including online social networks, news media, or online communities. One of the popular ways to publish and share online content is using a URL shortening service, which provides a short equivalent URL that is redirected to an original URL of content. This paper comprehensively analyze the practice of using short URLs from their creations to publishing to sharing, using a large scale dataset that contains 4.2 B requests for 80 M URLs created through Bit.ly, one of the most popular URL shortening services. We find that content URLs are mosunknown.

Correlated Cascades: Compete or Cooperate

In real world social networks, there are multiple cascades which are rarely independent. They usually compete or cooperate with each other. Motivated by the reinforcement theory in sociology we leverage the fact that adoption of a user to any behavior is modeled by the aggregation of behaviors of its neighbors. We use a multidimensional marked Hawkes process to model users product adoption and consequently spread of cascades in social networks. The resulting inference problem is proved to be convex and is solved in parallel by using the barrier method. The advantage of the proposed model is twofold; it models correlated cascades and also learns the latent diffusion network. Experimental results on synthetic and two real datasets gathered from Twitter, URL shortening and music streaming services, illustrate the superior performance of the proposed model over the alternatives.

Inference Attack on Browsing History of Twitter Users Using Public Click Analytics and Twitter Metadata

Twitter is a popular online social network service for sharing short messages (tweets) among friends. Its users frequently use URL shortening services that provide (i) a short alias of a long URL for sharing it via tweets and (ii) public click analytics of shortened URLs. The public click analytics is provided in an aggregated form to preserve the privacy of individual users. In this paper, we propose practical attack techniques inferring who clicks which shortened URLs on Twitter using the combination of public information: Twitter metadata and public click analytics. Unlike the conventional browser history stealing attacks, our attacks only demand publicly available information provided by Twitter and URL shortening services. Evaluation results show that our attack can compromise Twitter users’ privacy with high accuracy.

SHRT : 유사 단어를 활용한 URL 단축 기법

단축 URL은 짧은 URL을 긴 URL 대신에 사용하는 방식으로, 짧은 URL이 긴 URL에 리다이렉션되는 방식이다. 단축 URL은 생성과 사용이 간편하고, 글자수가 제한된 마이크로 블로깅 서비스의 사용이 증가함에 따라 폭발적으로 사용량이 증가하였다. 단축 URL의 사용이 간편하기 때문에, 메일, SMS, 책에서도 많이 사용되고 있다. 그러나 대부분의 단축 URL은 연결된 URL과의 어떠한 연관성도 없어, 사용자는 단축 URL에 직접 확인하기 전까지는 무엇에 관한 URL인지 모른다. 연결된 URL을 알 수 없다는 점을 악용하여, 단축 URL은 피싱 사이트나 악성코드 유포 등에 쓰인다. 기존에 이러한 문제를 극복하기 위해 단축 URL 서비스 사이트의 이름을 바꾸거나, 웹사이트의 정보를 반영하거나, 지역 이름의 줄임말 같은 단축어 사용 등의 시도가 있었으나, 각각의 방법에는 자동화의 어려움, 상대적으로 긴 단축 URL 길이, 적용 범위 한계가 각각의 문제점으로 적용하였다. 앞선 문제점을 보완하기 위하여, 본 논문은 아랍어의 모음이 없는 문자 시스템에서 착안하여 URL 사이트 이름에서 모음을 탈락시킨 유사한 문자열을 이용하여 단축 URL 방식 SHRT를 제안한다. Shorten URL service is the method of using short URL instead of long URL, it redirect short url to long URL. While the users of microblog increased rapidly, as the creating and usage of shorten URL is convenient, shorten url became common under the limited length of writing on microblog. E-mail, SMS and books use shorten URL well, because of its simplicity. But, there is no relativeness between the most of shorten URLs and their target URLs, user can not expect the target URL. To cover this problem, there is attempts such as changing the shorten URL service name, inserting the information of website into shorten URL, and the usage of shortcode of physical address. However, each ones has the limits, so these are the trouble of automation, relatively long address, and the narrowness of applicable targets. SHRT is complementary to the attempts, as getting the idea from the writing system of Arabic. Though the writing system of Arabic has no vowel alphabet, Arabs have no difficult to understand their writing. This paper proposes SHRT, new method of URL Shortening. SHRT makes user guess the target URL using Relative word of the lowest domain of target URL without vowels.

Watching From Afar

Uses of new media in the context of the Arab Spring have attracted scholarly attention from a wide array of disciplines. Amid the anecdotes and speculation, most of the available empirical research in this area has examined how new media have enabled participants and spectators to produce and circulate protest-related content. In contrast, the current study investigates patterns of consumption of Arab Spring–related content using a unique data set constructed by combining archived Twitter content with metadata drawn from the URL shortening service Bit.ly. This data set allows us to explore two critical research questions: First, were links posted to Twitter (among other platforms) followed primarily by individuals inside the affected country, within the broader Middle East and North Africa (MENA) region or by those outside the region and country? And second, who attracted more attention online: protesters and other nonelite citizens or traditional news organizations? Our findings suggest that the vast majority of attention to Arab Spring content came from outside of the MENA region and, furthermore, that mass media, rather than citizen media, overwhelmingly held the world’s attention during the protests. We thus conclude that Twitter was broadly useful as an information channel for non-MENA onlookers but less so for protesters on the ground.

Fluxing botnet command and control channels with URL shortening services

URL shortening services (USSes), which provide short aliases to registered long URLs, have become popular owing to Twitter. Despite their popularity, researchers do not carefully consider their security problems. In this paper, we explore botnet models based on USSes to prepare for new security threats before they evolve. Specifically, we consider using USSes for alias flux to hide botnet command and control (C&C) channels. In alias flux, a botmaster obfuscates the IP addresses of his C&C servers, encodes them as URLs, and then registers them to USSes with custom aliases generated by an alias generation algorithm. Later, each bot obtains the encoded IP addresses by contacting USSes using the same algorithm. For USSes that do not support custom aliases, the botmaster can use shared alias lists instead of the shared algorithm. DNS-based botnet detection schemes cannot detect an alias flux botnet, and network-level detection and blacklisting of the fluxed aliases are difficult. We also discuss possible countermeasures to cope with these new threats and investigate operating USSes.

Available, intuitive and free! Building e-learning modules using web 2.0 services

Background: E-learning is part of the mainstream in medical education and often provides the most efficient and effective means of engaging learners in a particular topic. However, translating design and content ideas into a useable product can be technically challenging, especially in the absence of information technology (IT) support. There is little published literature on the use of web 2.0 services to build e-learning activities.Aim: To describe the web 2.0 tools and solutions employed to build the GP Synergy evidence-based medicine and critical appraisal online course.Methods: We used and integrated a number of free web 2.0 services including: Prezi, a web-based presentation platform; YouTube, a video sharing service; Google Docs, a online document platform; Tiny.cc, a URL shortening service; and Wordpress, a blogging platform.Results: The course consisting of five multimedia-rich, tutorial-like modules was built without IT specialist assistance or specialised software. The web 2.0 services used were free. The course can be accessed with a modern web browser.Conclusions: Modern web 2.0 services remove many of the technical barriers for creating and sharing content on the internet. When used synergistically, these services can be a flexible and low-cost platform for building e-learning activities. They were a pragmatic solution in our context.

Staking a claim on the dotbrand frontier: A brand perspective

In 2013, the bedrock of the internet's naming structure — the dotcom — will be shaken to its core as generic Top-Level Domains (gLTDs) are allowed to begin existing under a far more liberalised naming convention. For brands, opting whether to simply be themselves on the web — pepsi.cola without the familiar ‘.com’ suffix at the tail, for instance — through an expensive, detailed registration process should be a highly individualised decision that is far different from the necessity of simply being present on the web. Chiefly, opportunity in the dotbrand realm will exist first for brands with robust digital strategies already in place. Those aspiring to a streamlined, more cohesive structure on the web could find a smart investment in a gLTD. Others might harness the new freedom to lease personalised URLs with their corporate or brand suffixes attached (.eBay, as an example). In addition, a gLTD could be the right tonic also for a fragmented master brand, driving equity back to the parent. For most, however, a wait-and-see approach will be best. Cautionary tales abound in consumer-brand relationships, with sudden, top-down shifts often met with irritation or outright mutiny. Moreover, a trend toward URL shortening, propelled by the advent of mobile, reduces the importance of a root address.

Clusters and constellations: Untwisting shortened links

AbstractFrequent users of social services such as Twitter are now familiar with the use of URL shortening services to produce compressed versions of actionable URLs. Although the typical user motivation for these is often taken to be convenience – particularly in the matter of reducing the amount of space taken by a link during a tweet, these shortening services are also used for various other purposes, including the collection of analytics for marketing purposes. In this poster we present the initial findings from our analysis of 350,000 tweets from Twitter on a subject close to the hearts of many ASIS&T conference attendees – the TSA (transport security administration). These tweets, gathered over a period of six weeks, primarily collect together reactions to a number of events and announcements of both positively and negatively nature, and as such, contain a large number of encoded URLs. We show the result of back‐tracking URLs to their origin, demonstrating that it is now commonplace for URLs to be redirected through more than one redirection service. From analysis of the shortening services used we demonstrate that the majority of shortened URLs make use of one of a very small number of services, although these may be identified via an alias. Finally, we discuss the implications of these findings, both in terms of preservation and our ability to access the context of older Twitter conversations, and in terms of the implications for developers of user applications or content analysis platforms.