Detecting Malicious Web Links and Identifying Their Attack Types

Malicious URLs have been widely used to mount various cyber attacks including spamming, phishing and malware.

Detection of malicious URLs and identification of threat types are critical to thwart these attacks. Knowing the type of a threat enables estimation of the severity of the attack and helps adopt an effective countermeasure.

Existing methods typically detect malicious URLs of a single attack type. In this paper, we propose a method using machine learning to detect malicious URLs of all the popular attack types and identify the nature of the attack a malicious URL attempts to launch.

Our method uses a variety of discriminative features including textual properties, link structures, webpage contents, DNS information, and network traffic.

Many of these features are novel and highly effective. Our experimental studies with 40,000 benign URLs and 32,000 malicious URLs obtained from real-life Internet sources show that our method delivers superior performance: the accuracy was over 98% in detecting malicious URLs and over 93% in identifying attack types. We also report our studies on the effectiveness of each group of discriminative features, and discuss their evadability.


Published by: siavash