Skip to main content

Graphing Website Relationships for Risk Prediction: Identifying Derived Threats to Users Based on Known Indicators

  • 1080 Accesses

Part of the Advances in Intelligent Systems and Computing book series (AISC,volume 1289)


The hypothesis for the study was that the relationship based on referrer links and the number of hops to a malicious site could indicate the risk to another website. The researchers chose Receiver Operating Characteristics (ROC) analysis as the method of comparing true-positive and false-positive rates for captured web traffic to test the predictive capabilities of the created model. Known threat indicators were used as designators and leveraged with the Neo4j graph database to map the relationships between other websites based on referring links. Using the referring traffic, the researchers mapped user visits across websites with a known relationship to track the rate at which users progressed from a non-malicious website to a known threat. The results were grouped by the hop distance from the known threat to calculate the predictive rate. The results of the model produced true-positive rates between 58.59% and 63.45% and false-positive rates between 7.42% and 37.50%, respectively. The true and false-positive rates suggest an improved performance based on the closer proximity from the known threat, while an increased referring distance from the threat resulted in higher rates of false-positives.


  • Cyber security
  • Graphing database
  • Receiver operating characteristics
  • Neo4j
  • Website
  • Threat model

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   259.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   329.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. Chiba, D., Tobe, K., Mori, T., Goto, S.: Detecting malicious websites by learning IP address features. In: 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, pp. 29–39. IEEE, Izmir (2012)

    Google Scholar 

  2. Fawcett, T.: An introduction to ROC analysis. Pattern Recogn. Lett. 27(8), 861–874 (2006)

    CrossRef  MathSciNet  Google Scholar 

  3. Gillani, F., Al-Shaer, E., AsSadhan, B.: Economic metric to improve spam detectors. J. Netw. Comput. Appl. 65(C), 131–143 (2016)

    Google Scholar 

  4. Gyöngyi, Z., Garcia-Molina, H., Pedersen, J.: Combating web spam with trustrank. In: Proceedings of the Thirtieth International Conference on Very Large Data Bases, Endowment, Toronto, vol. 30, pp. 576–587. VLDB (2004)

    Google Scholar 

  5. Wen, S., Zhao, Z., Yan, H.: Detecting malicious websites in depth through analyzing topics and web-pages. In: Proceedings of the 2nd International Conference on Cryptography, Security and Privacy - ICCSP 2018, pp. 128–133. ACM, New York (2018)

    Google Scholar 

  6. Rawal, B., Liang, S., Loukili, A., Duan, Q.: Anticipatory cyber security research: An ultimate technique for the first-move advantage. TEM J. 5(1), 3–14 (2016)

    Google Scholar 

  7. de Bruijn, H., Janssen, M.: Building cybersecurity awareness: the need for evidence-based framing strategies. Gov. Inf. Q. 34(1), 1–7 (2017)

    CrossRef  Google Scholar 

  8. Schwarz, J., Morris, H.: Augmenting web pages and search results to support credibility assessment. In: Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems - CHI 2011, pp. 1245–154. ACM, New York (2011)

    Google Scholar 

  9. Kulp, P.: (Doctoral dissertation). Active cyber defense: A case study on responses to cyberattacks. Retrieved from ProQuest dissertations and theses database (UMI No. 13886134)

    Google Scholar 

  10. Http-sniffer. Accessed 19 Aug 2019

  11. Neomodel. Accessed 02 Nov 2019

  12. Zweig, M., Campbell, G.: Receiver-operating characteristic (ROC) plots: a fundamental evaluation tool in clinical medicine. Clin. Chem. 39(4), 561–577 (1993)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Philip H. Kulp .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kulp, P.H., Robinson, N.E. (2021). Graphing Website Relationships for Risk Prediction: Identifying Derived Threats to Users Based on Known Indicators. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Proceedings of the Future Technologies Conference (FTC) 2020, Volume 2 . FTC 2020. Advances in Intelligent Systems and Computing, vol 1289. Springer, Cham.

Download citation