International Journal of Parallel Programming

, Volume 44, Issue 1, pp 163–180 | Cite as

Detection of Forwarding-Based Malicious URLs in Online Social Networks

  • Jian Cao
  • Qiang Li
  • Yuede Ji
  • Yukun He
  • Dong Guo


In recent years, online social networks (OSNs), such as Facebook, Twitter and Sina Weibo, have become extremely popular among Internet users. Unfortunately, attackers also utilize them to hide malicious attacks. Due to the significance of detecting malicious URLs in OSNs, multiple solutions have been offered by OSN operators, security companies, and academic researchers. Most of these solutions use machine-learning methods to train classification models based on different kinds of feature sets. However, most are ineffective because their selected features are conventional. In this paper, we focus on forwarding-based features because of the special connections between forwarding behavior and the propagation of malicious URLs. First, we conduct a comprehensive analysis of conventional URL feature sets. Then, we design some forwarding-based features and choose several graph-based features to combine with them in order to train a detection model. We evaluate the system using about 100,000 original messages collected from Sina Weibo, which is the largest OSN website in China. The high accuracy rate and low false positive rate show that forwarding-based features are much more effective in detecting malicious URLs in OSNs than are other more conventional features. To the best of our knowledge, this work is the first to analyze forwarding-based features in OSNs and offers a valuable contribution to this area of research.


Online social network Forwarding-based Machine learning  Malicious URL 



This work is supported by the National Natural Science Foundation of China under Grant Nos. 61170265 and 61472162.


  1. 1.
    Seeking alpha: Sina corporation’s ceo discusses q1 2013 results - earnings call transcript., Accessed Dec 2013
  2. 2.
    Eshete, B., Villafiorita, A., Weldemariam, K.: Binspect: holistic analysis and detection of malicious web pages. In: Security and Privacy in Communication Networks, pp. 149–166. Springer (2013)Google Scholar
  3. 3.
    Eshete, B., Villafiorita, A., Weldemariam, K.: Einspect: Evolution-guided analaysis and detection of malicious web pages. Technical report, Fondazione Bruno Kessler (2012)Google Scholar
  4. 4.
    Aggarwal, A., Rajadesingan, A., Kumaraguru, P.: Phishari: automatic realtime phishing detection on Twitter. In: eCrime Researchers Summit (eCrime), 2012, pp. 1–12. IEEE, (2012)Google Scholar
  5. 5.
    Rahman, M.S., Huang, T.-K., Madhyastha, H.V., Faloutsos, M.: Efficient and scalable socware detection in online social networks, In: USENIX Security (2012)Google Scholar
  6. 6.
    Yang, C., Harkreader, R.: Empirical evaluation and new design for fighting evolving Twitter spammers. IEEE Trans. Inf. Forensics Secur. 8(8), 1280–1293 (2013)CrossRefGoogle Scholar
  7. 7.
    Lee, S., Kim, J.: Warningbird: detecting suspicious urls in Twitter stream. In: Symposium on Network and Distributed System Security (NDSS) (2012)Google Scholar
  8. 8.
    Gao, H., Chen, Y., Lee, K., Palsetia, D., Choudhary, A.N.: Towards online spam filtering in social networks, In: Symposium on Network and Distributed System Security (NDSS) (2012)Google Scholar
  9. 9.
    Xiang, G..: Toward a phish free world: a feature-type-aware cascaded learning framework for phish detection. PhD thesis, Carnegie Mellon University, (2013)Google Scholar
  10. 10.
    Wen, S., Zhou, W., Zhang, J., Xiang, Y., Zhou, W., Jia, W.: Modeling propagation dynamics of social network worms. IEEE Trans. Parallel Distrib. Syst. 24(8), 1633–1643 (2013)Google Scholar
  11. 11.
    Egele, M., Stringhini, G., Kruegel, C., Vigna, G.: Compa: detecting compromised accounts on social networks. In: NDSS (2013)Google Scholar
  12. 12.
    Lam, K.C., Lau, W.C., Yue, O.: Hitchbot-delivering malicious urls via social hitch-hiking. In: Global Telecommunications Conference (GLOBECOM 2011), 2011 IEEE, pp. 1–6. IEEE, (2011)Google Scholar
  13. 13.
    Martinez-Romo, J., Araujo, L.: Detecting malicious tweets in trending topics using a statistical analysis of language. Expert Syst. Appl. 40(8), 2992–3000 (2013)Google Scholar
  14. 14.
    Ahmed, F., Abulaish, M.: An mcl-based approach for spam profile detection in online social networks. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 , pp. 602–608. IEEE, (2012)Google Scholar
  15. 15.
    Rahman, M.S., Huang, T.-K., Madhyastha, H.V., Faloutsos, M.: Frappe: detecting malicious facebook applications. In: Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies, pp. 313–324. ACM, (2012)Google Scholar
  16. 16.
    Google safe browsing api., Accessed Dec 2013
  17. 17.
    Honeypot., Accessed Dec 2013
  18. 18.
    Egan, S., Irwin, B.: An evaluation of lightweight classification methods for identifying malicious urls. In: Information Security South Africa (ISSA), 2011, pp. 1–6. IEEE, (2011)Google Scholar
  19. 19.
    Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Learning to detect malicious urls. ACM Trans. Intell. Syst. Technol (TIST) 2(3), 30 (2011)Google Scholar
  20. 20.
    Sina weibo api., Accessed Dec 2013

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Jian Cao
    • 1
    • 2
  • Qiang Li
    • 1
    • 2
  • Yuede Ji
    • 1
    • 2
  • Yukun He
    • 1
    • 2
  • Dong Guo
    • 1
    • 2
  1. 1.College of Computer Science and TechnologyJilin UniversityChangchunChina
  2. 2.Key Laboratory of Symbolic Computation and Knowledge Engineering of Ministry of EducationJilin UniversityChangchunChina

Personalised recommendations