Presentation is loading. Please wait.

Presentation is loading. Please wait.

Source: Computer & Security, Vol. 77, No. 1, pp , Aug

Published byAysel Demirkan Modified over 5 years ago

Similar presentations

Presentation on theme: "Source: Computer & Security, Vol. 77, No. 1, pp , Aug"— Presentation transcript:

1 Malicious URL Protection based on Attackers’ Habitual Behavioral Analysis
Source: Computer & Security, Vol. 77, No. 1, pp , Aug Author: Sungjin Kim, Jinkook Kim, and Brent ByungHoon Kang Speaker: Ren-Kai Yang Date: 2019/02/14

2 Outline Introduction Related works Proposed scheme
Performance evaluation Conclusions

3 Introduction(1/3) www.youtub.com www.facebookc.om
Which one is the real Google site? 1. 2. 3. Malicious URL(Uniform Resource Locator) 植入網址(在網站建立新的網頁) 內容 程式碼(在HTML中植入javascript讓你網站的訪客重新導向到預先建立的惡意網站)

4 Introduction(2/3) Phishing

5 Introduction(3/3) Source:

6 Related works(1/4) Web-filtering

7 Related works(2/4) WHOIS

8 Related works(3/4) Alexa

9 Related works(4/4) URL: 140.134.131.145/discussion/Query.php
Feature-based URL: /discussion/Query.php Hostname Pathname Filename

10 Proposed scheme(1/4) Fuzzy-based similarly matching

11 Optimizing URLs to three malicious pools
Proposed scheme(2/4) (39%) 50-70 (19%) (17%) (10%) Feature extraction and grouping Training Optimizing URLs to three malicious pools 1. Domain pool 2. Path pool 3. Filename pool Classifier Based on similarity matching Domain Pathname Filename /images/index.html /PEG/ad/index1.html /PEG/js/index.php Classifier

12 Proposed scheme(3/4) 110.34.196.113/PEG/js/index2.html
Similarity measure and modeling /PEG/js/index2.html Parsing 1. Domain string 2. Path string 3. Filename string Fuzzing Classifier Result Input URL A parsed URL Output New URLs (Malicious & Benign) Levenshtein distance Domain Pathname Filename images index.html PEG/js index1.html PEG/ad index.php

13 Proposed scheme(4/4) Similarity measure and modeling(cont.)
Malicious or Benign? /PEG/jslab/index2.html Domain * Threshold = 0.9 Filename index.html index1.html index.php (0.45) index2.html (0.9) (0.72) index2.html (0.9) (0.72) index2.html (0.54) Pathname images PEG/js PEG/ad * Levenshtein distance = 7 (0.93) PEG/jslab (0) PEG/jslab (0.66) PEG/jslab (0.55)

14 Performance evaluation(1/3)
The average of the similarity probability ratio related to three finite feature sets.

15 Performance evaluation(2/3)
Variation in detection rate according to manipulation of FW threshold. Same Different Same Different

16 Performance evaluation(3/3)
Performance results Test Fuzzy Benign 573 6.885s Malicious 1301 56.083s Total 1874 62.968s

17 Conclusions Behaviors

18 Optimizing URLs to three malicious pools
Training Optimizing URLs to three malicious pools 1. Domain pool 2. Path pool 3. Filename pool Classifier Based on similarity matching Dataset selection Feature extraction Malicious URLs Distribution URLs Test Step Parsing 1. Domain string 2. Path string 3. Filename string Fuzzing Classifier Result Input URL A parsed URL Output New URLs (Malicious & Benign)

Download ppt "Source: Computer & Security, Vol. 77, No. 1, pp , Aug"

Similar presentations

PhishZoo: Detecting Phishing Websites By Looking at Them

PhishZoo: Detecting Phishing Websites By Looking at Them
Date: 2013/1/17 Author: Yang Liu, Ruihua Song, Yu Chen, Jian-Yun Nie and Ji-Rong Wen Source: SIGIR12 Advisor: Jia-ling Koh Speaker: Chen-Yu Huang Adaptive.

Date: 2013/1/17 Author: Yang Liu, Ruihua Song, Yu Chen, Jian-Yun Nie and Ji-Rong Wen Source: SIGIR12 Advisor: Jia-ling Koh Speaker: Chen-Yu Huang Adaptive.
11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.

11 PhishNet: Predictive Blacklisting to detect Phishing Attacks Reporter: Gia-Nan Gao Advisor: Chin-Laung Lei 2010/4/26.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
Report : 鄭志欣 Advisor: Hsing-Kuo Pao 1 Learning to Detect Phishing Emails I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing emails. In Proceedings.

Report : 鄭志欣 Advisor: Hsing-Kuo Pao 1 Learning to Detect Phishing s I. Fette, N. Sadeh, and A. Tomasic. Learning to detect phishing s. In Proceedings.
Design and Evaluation of a Real-Time URL Spam Filtering Service

Design and Evaluation of a Real-Time URL Spam Filtering Service
Patch to the Future: Unsupervised Visual Prediction

Patch to the Future: Unsupervised Visual Prediction
1 Efficient Private Matching and Set Intersection (EUROCRYPT, 2004) Author : Michael J.Freedman Kobbi Nissim Benny Pinkas Presentered by Chia Jui Hsu Date.

1 Efficient Private Matching and Set Intersection (EUROCRYPT, 2004) Author : Michael J.Freedman Kobbi Nissim Benny Pinkas Presentered by Chia Jui Hsu Date.
Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.

Accurately Detect Parked Domain Typo- squatting Attacks Mishari Almishari and Xiaowei Yang University of California, Irvine Donald Bren School of Information.
JSP 簡介. Outline 什麼是 JSP? JSP 運作模式 安裝 JSP JSP 範例一 JSP 範例二.

JSP 簡介. Outline 什麼是 JSP? JSP 運作模式 安裝 JSP JSP 範例一 JSP 範例二.
Prophiler: A fast filter for the large-scale detection of malicious web pages Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Date : 2011/03/31 1.

Prophiler: A fast filter for the large-scale detection of malicious web pages Reporter : 鄭志欣 Advisor: Hsing-Kuo Pao Date : 2011/03/31 1.
Learning Table Extraction from Examples Ashwin Tengli, Yiming Yang and Nian Li Ma School of Computer Science Carnegie Mellon University Coling 04.

Learning Table Extraction from Examples Ashwin Tengli, Yiming Yang and Nian Li Ma School of Computer Science Carnegie Mellon University Coling 04.
Improving web image search results using query-relative classifiers Josip Krapacy Moray Allanyy Jakob Verbeeky Fr´ed´eric Jurieyy.

Improving web image search results using query-relative classifiers Josip Krapacy Moray Allanyy Jakob Verbeeky Fr´ed´eric Jurieyy.
Automated malware classification based on network behavior

Automated malware classification based on network behavior
PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.

PhishNet: Predictive Blacklisting to Detect Phishing Attacks Pawan Prakash Manish Kumar Ramana Rao Kompella Minaxi Gupta Purdue University, Indiana University.
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
Engineering Applications of Artificial Intelligence,

Engineering Applications of Artificial Intelligence,
Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep.

Visual-Similarity-Based Phishing Detection Eric Medvet, Engin Kirda, Christopher Kruegel SecureComm 2008 Sep.
Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 9/19/2015Slide 1 (of 32)

Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 9/19/2015Slide 1 (of 32)
資訊碩一 10077034 蔡勇儀  Introduction  Method  Background generation and updating  Detection of moving object  Shape control points.

資訊碩一 蔡勇儀  Introduction  Method  Background generation and updating  Detection of moving object  Shape control points.

Similar presentations

Ads by Google