URL String Information Extraction for Malicious URL Filter

• Main Authors: Min-Sheng Lin, 林閔笙
• Other Authors: Yuh-Jye Lee
• Format: Others
• Language: en_US
• Published: 2012
• Online Access: http://ndltd.ncl.edu.tw/handle/zzvhv2

碩士 === 國立臺灣科技大學 === 資訊工程系 === 100 === By the widespread adoption of web services, attacks over the web become regular threats, such as phishing and drive-by download. In reality, one million of URLs, which only contain about one hundred of malicious instances, are queried to the server for analyzing in one hour. It is impractical to analyze such an overwhelming amount of URLs by utilizing the content-based or host-based information. To overcome this overhead, we propose to use only the string information of the URLs, which are the lexical information and static characteristics of the URL strings, for filtering the malicious URLs. It is worth noting that the lexical information and static characteristics represent different natures of URL string. By exploring these two different kinds of information, two corresponding filters are built via different online learning algorithms. In our framework, the prediction results of these two filters are fused for the testing. In our experiments, the proposed filtering system can handle one million of URLs in 5 minutes and filter out 75% of URLs, which are regarded as benign. The remaining 25% suspicious URLs cover around 90% of the malicious ones. The promising result evidences that our proposed method is efficient and suitable for the analysis of large-scale URLs.