Taxonomy of malicious URL detection techniques
Guardado en:
| Autores: | , , |
|---|---|
| Formato: | comunicación de congreso |
| Fecha de Publicación: | 2024 |
| Descripción: | Malicious URLs are often used by phishing campaigns, botnets and other attacks. Indeed, DNS traffic is necessary for the Internet to function correctly, which means that this data flow cannot be blocked. For these reasons, detecting malicious URLs is both important, challenging and still an open research problem. There are two types of techniques used to detect malicious URLs: rules-based and machine-learning based. The traditional, rules-based techniques rely on blacklists and heuristics. These techniques struggle to keep up with a rapidly changing array of malicious URLs. Therefore, machine learning-based techniques have emerged. These techniques rely on URL characteristics such as length, number of vowels and others to classify them as legitimate or malicious. The main contribution of this paper is to propose a taxonomy of detection techniques and to point out which URL characteristics are used by each method. While surveys on the topics exist, a precise mapping between the detection methods and the characteristics is not available and we propose one. We also compare these techniques, highlighting that machine learning-based techniques are more complex to implement but better at keeping up with rapidly incoming new malicious URLs. In contrast, rules-based techniques are simpler and easier to implement, but they struggle to update fast enough to identify new malicious URLs. |
| País: | Kérwá |
| Institución: | Universidad de Costa Rica |
| Repositorio: | Kérwá |
| Lenguaje: | Inglés |
| OAI Identifier: | oai:kerwa.ucr.ac.cr:10669/102006 |
| Acceso en línea: | https://link.springer.com/chapter/10.1007/978-3-031-54235-0_7 https://hdl.handle.net/10669/102006 https://doi.org/10.1007/978-3-031-54235-0_7 |
| Palabra clave: | malicious URLs machine learning blacklist-based classification URL classification |