Automating URL Blacklist Generation with Similarity Search Approach
- SUN Bo, Dept. of Communication Engineering, Waseda University
- AKIYAMA Mitsuaki, NTT Secure Platform Laboratories, NTT Corporation
- YAGI Takeshi, NTT Secure Platform Laboratories, NTT Corporation
- HATADA Mitsuhiro, Dept. of Communication Engineering, Waseda University
- MORI Tatsuya, Dept. of Communication Engineering, Waseda University
Abstract
Modern web users may encounter a browser security threat called drive-by-download attacks when surfing the Internet. Drive-by-download attacks use exploit code to take control of a user's web browser. Many web users do not take such underlying threats into account when clicking URLs. A URL blacklist is one of the practical approaches to thwarting browser-targeted attacks. However, a URL blacklist cannot cope with previously unseen malicious URLs. Therefore, to make a URL blacklist effective, it is crucial to keep the URLs updated. Given these observations, we propose a framework called automatic blacklist generator (AutoBLG) that automates the collection of new malicious URLs by starting from a given existing URL blacklist. The primary mechanism of AutoBLG is expanding the search space of web pages while reducing the number of URLs to be analyzed by applying several pre-filters, such as similarity search, to accelerate the process of generating blacklists. AutoBLG consists of three primary components: URL expansion, URL filtration, and URL verification. Through extensive analysis using a high-performance web client honeypot, we demonstrate that AutoBLG can successfully discover new and previously unknown drive-by-download URLs from the vast web space.
Journal
IEICE Transactions on Information and Systems E99.D (4), 873-882, 2016
The Institute of Electronics, Information and Communication Engineers
Details
- CRID: 1390282679354219392
- NII Article ID: 130005141351
- ISSN: 17451361, 09168532
- Text Lang: en
- Data Source: JaLC, Crossref, CiNii Articles
- Abstract License Flag: Disallowed