Abstract
This paper proposes MIRD, an approach to malicious URL detection that uses trigram-based common patterns of URLs and embeds random domain name recognition. In MIRD, the common patterns are composed of the common patterns of three URL segments: the domain segment, the path name segment and the file name segment. A trigram-based inverted index is used to improve common pattern extraction for each segment. MIRD matches the URL under detection against the common patterns through the inverted index. In addition, MIRD embeds a Random Domain Name Recognition Module, named RDM. The RDM identifies the length of the domain name and resolves the domain name iteratively to recognize unresolved domain names, reducing the cumulative error rate of malicious URL detection. Extensive experiments show that MIRD is efficient and scalable.
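The per-segment trigram inverted index described in the abstract can be sketched as follows. This is an added example, not the paper's code: the matching rule (a pattern matches when it occurs as a substring of the segment), the names `SegmentIndex` and `match_url`, and the sample patterns are assumptions made here, and the RDM step is not shown.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def trigrams(s):
    """Set of all 3-character substrings of s."""
    return {s[i:i + 3] for i in range(len(s) - 2)}

def split_segments(url):
    """Split a URL into the three segments the abstract names."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    directory, _, filename = parts.path.rpartition("/")
    return {"domain": (parts.hostname or "").lower(),
            "path": directory.lower(),
            "file": filename.lower()}

class SegmentIndex:
    """Inverted index for one segment: trigram -> ids of patterns containing it."""
    def __init__(self, patterns):
        self.patterns = [p for p in patterns if len(p) >= 3]
        self.index = defaultdict(set)
        for pid, pat in enumerate(self.patterns):
            for tri in trigrams(pat):
                self.index[tri].add(pid)

    def match(self, segment):
        # Count, per pattern, how many of its distinct trigrams occur in the segment.
        hits = defaultdict(int)
        for tri in trigrams(segment):
            for pid in self.index.get(tri, ()):
                hits[pid] += 1
        # Shortlist patterns whose every trigram is present, then confirm with
        # a substring test, because trigram overlap alone ignores ordering.
        return sorted(self.patterns[pid] for pid, n in hits.items()
                      if n == len(trigrams(self.patterns[pid]))
                      and self.patterns[pid] in segment)

def match_url(url, indexes):
    """Return the known patterns found in each segment of the URL."""
    segs = split_segments(url)
    return {name: indexes[name].match(segs[name]) for name in indexes}

# Constructed sample patterns (assumption; a real set would be mined from labelled URLs).
INDEXES = {
    "domain": SegmentIndex(["secure-login", "paypa1"]),
    "path": SegmentIndex(["/wp-content/plugins", "/images/tmp"]),
    "file": SegmentIndex(["update.exe", "verify.php"]),
}

if __name__ == "__main__":
    print(match_url("http://secure-login.example.test/wp-content/plugins/x/verify.php?id=1", INDEXES))
```

The index only touches patterns that share at least one trigram with the segment, so lookup cost follows the number of overlapping patterns and not the size of the whole pattern set.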
Acknowledgments
The research work is supported by the Strategic Leading Science and Technology Projects of Chinese Academy of Sciences (No. XDA06030200) and the National Natural Science Foundation under Grant (No. 61402464).
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Xiong, C., Li, P., Zhang, P., Liu, Q., Tan, J. (2015). MIRD: Trigram-Based Malicious URL Detection Implanted with Random Domain Name Recognition. In: Niu, W., et al. Applications and Techniques in Information Security. ATIS 2015. Communications in Computer and Information Science, vol 557. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48683-2_27
DOI: https://doi.org/10.1007/978-3-662-48683-2_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48682-5
Online ISBN: 978-3-662-48683-2
eBook Packages: Computer Science (R0)