Abstract
The hypothesis for the study was that the relationship based on referrer links and the number of hops to a malicious site could indicate the risk to another website. The researchers chose Receiver Operating Characteristics (ROC) analysis as the method of comparing true-positive and false-positive rates for captured web traffic to test the predictive capabilities of the created model. Known threat indicators were used as designators and leveraged with the Neo4j graph database to map the relationships between other websites based on referring links. Using the referring traffic, the researchers mapped user visits across websites with a known relationship to track the rate at which users progressed from a non-malicious website to a known threat. The results were grouped by the hop distance from the known threat to calculate the predictive rate. The model produced true-positive rates between 58.59% and 63.45% and false-positive rates between 7.42% and 37.50%. The true-positive and false-positive rates suggest improved performance at closer proximity to the known threat, while an increased referring distance from the threat resulted in higher rates of false positives.
Keywords
- Cyber security
- Graphing database
- Receiver operating characteristics
- Neo4j
- Website
- Threat model
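The abstract describes grouping referrer-linked sites by hop distance from a known threat and scoring each group by true-positive and false-positive rate. The following is an added illustration, not the authors' code: a plain-Python breadth-first search stands in for the Neo4j queries, the visit records and host names are constructed, and the per-session definition of true and false positives is an assumption, since the abstract does not give one.

```python
from collections import defaultdict, deque

# Constructed sample: (session, referrer_host, visited_host), one row per request.
VISITS = [
    ("s1", "news.example", "blog.example"),
    ("s1", "blog.example", "ads.example"),
    ("s1", "ads.example", "bad.example"),
    ("s2", "news.example", "blog.example"),
    ("s3", "blog.example", "ads.example"),
    ("s3", "ads.example", "bad.example"),
    ("s4", "ads.example", "shop.example"),
    ("s5", "news.example", "shop.example"),
    ("s6", "blog.example", "shop.example"),
]
KNOWN_THREATS = {"bad.example"}  # constructed threat indicator

def hop_distances(visits, threats):
    """Reverse BFS over referrer edges: hops from each site to the nearest threat."""
    referrers = defaultdict(set)
    for _, src, dst in visits:
        referrers[dst].add(src)
    dist = {t: 0 for t in threats}
    queue = deque(threats)
    while queue:
        node = queue.popleft()
        for src in referrers[node]:
            if src not in dist:          # first visit is the shortest path
                dist[src] = dist[node] + 1
                queue.append(src)
    return dist

def rates_by_hop(visits, threats):
    """Assumed scoring: a session is flagged at hop k if it touched a site k hops out."""
    dist = hop_distances(visits, threats)
    sites_by_session = defaultdict(set)
    for session, src, dst in visits:
        sites_by_session[session].update((src, dst))
    reached = {s for s, sites in sites_by_session.items() if sites & threats}
    missed = set(sites_by_session) - reached
    out = {}
    for hop in sorted(set(dist.values()) - {0}):
        flagged_sites = {h for h, d in dist.items() if d == hop}
        flagged = {s for s, sites in sites_by_session.items() if sites & flagged_sites}
        tpr = len(flagged & reached) / len(reached) if reached else 0.0
        fpr = len(flagged & missed) / len(missed) if missed else 0.0
        out[hop] = (tpr, fpr)
    return out
```

Sites with no referrer path to a known threat (here `shop.example`) get no hop distance and are never flagged.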
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Kulp, P.H., Robinson, N.E. (2021). Graphing Website Relationships for Risk Prediction: Identifying Derived Threats to Users Based on Known Indicators. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Proceedings of the Future Technologies Conference (FTC) 2020, Volume 2. FTC 2020. Advances in Intelligent Systems and Computing, vol 1289. Springer, Cham. https://doi.org/10.1007/978-3-030-63089-8_34
DOI: https://doi.org/10.1007/978-3-030-63089-8_34
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-63088-1
Online ISBN: 978-3-030-63089-8
eBook Packages: Intelligent Technologies and Robotics (R0)