
MIRD: Trigram-Based Malicious URL Detection Implanted with Random Domain Name Recognition

  • Conference paper
Applications and Techniques in Information Security (ATIS 2015)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 557)

Abstract

This paper proposed MIRD, an approach to malicious URL detection that used trigram-based common patterns of URLs and was implanted with random domain name recognition. In MIRD, the common patterns were composed of the common patterns of three URL segments, namely the domain segment, the path name segment and the file name segment. An inverted index based on trigrams was used to improve common pattern extraction for each segment. MIRD matched the URL under detection against the common patterns held in the inverted index. Moreover, MIRD was implanted with a Random Domain Name Recognition Module, named RDM. The RDM identified the length of the domain name and resolved the domain name iteratively to recognize unresolved domain names, reducing the cumulative error rate of malicious URL detection. Extensive experiments showed that MIRD is efficient and scalable.



Acknowledgments

The research work is supported by the Strategic Leading Science and Technology Projects of Chinese Academy of Sciences (No. XDA06030200) and the National Natural Science Foundation under Grant (No. 61402464).


Corresponding author

Correspondence to Peng Zhang.


Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Xiong, C., Li, P., Zhang, P., Liu, Q., Tan, J. (2015). MIRD: Trigram-Based Malicious URL Detection Implanted with Random Domain Name Recognition. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_27


  • DOI: https://doi.org/10.1007/978-3-662-48683-2_27


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48682-5

  • Online ISBN: 978-3-662-48683-2

  • eBook Packages: Computer Science (R0)
