Searching Structural Neighborhood of Malicious URLs to Improve Blacklisting

Author

Akiyama, Mitsuaki ; Yagi, Takeshi ; Itoh, Mitsutaka

Author_Institution

NTT Inf. Sharing Platform Labortories, NTT Corp., Musashino, Japan

fYear

2011

fDate

18-21 July 2011

Firstpage

1

Lastpage

10

Abstract

Filtering based on blacklists is a major countermeasure against malicious websites. However, blacklists must be updated because malicious URLs tend to be short-lived and their sub strings may be partially mutated to avoid blacklisting. Due to these characteristics, it can be assumed that unknown malicious URLs exist in the neighborhood of known malicious URLs, created by the same adversary. We propose an effective blacklist URL generation method. We try to discover the URLs in the neighborhood of a malicious URL by using a search engine. Those suspicious neighborhoods around malicious URLs require further investigation to determine their blacklisting candidacy. We experimentally evaluated the proposed generation method by using real blacklisted URLs for both drive-by-download and click-download infection. The results showed that the proposed method can effectively improve identification of malicious URLs and maintenance of the coverage of blacklists.

Keywords

Internet; Web sites; invasive software; search engines; Web-based malware; blacklist URL generation method; click-download infection; drive-by-download infection; malicious URL; malicious Web sites; search engine; structural neighborhood searching; Browsers; Focusing; Internet; Malware; Monitoring; Search engines; Servers; blacklist; drive-by-download; web-based malware;

fLanguage

English

Publisher

ieee

Conference_Titel

Applications and the Internet (SAINT), 2011 IEEE/IPSJ 11th International Symposium on

Conference_Location

Munich, Bavaria

Print_ISBN

978-1-4577-0531-1

Electronic_ISBN

978-0-7695-4423-6

Type

conf

DOI

10.1109/SAINT.2011.11

Filename

6004128