Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs

Mitsuaki Akiyama; Takeshi Yagi; Takeo Hariu

doi:10.1109/MITP.2012.118

IT Professional
PrePrints
Abstract - Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Mitsuaki Akiyama Articles by Takeshi Yagi Articles by Takeo Hariu

Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs

PrePrint

ISSN: 1520-9202

	ASCII Text	x
	Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, "Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs," IT Professional, vol. 99, no. 1, pp. 1, , 5555.

	BibTex	x
	@article{ 10.1109/MITP.2012.118, author = {Mitsuaki Akiyama and Takeshi Yagi and Takeo Hariu}, title = {Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs}, journal ={IT Professional}, volume = {99}, number = {1}, issn = {1520-9202}, year = {5555}, pages = {1}, doi = {http://doi.ieeecomputersociety.org/10.1109/MITP.2012.118}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IT Professional TI - Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs IS - 1 SN - 1520-9202 SP EP EPD - 1 A1 - Mitsuaki Akiyama, A1 - Takeshi Yagi, A1 - Takeo Hariu, PY - 5555 VL - 99 JA - IT Professional ER -

Mitsuaki Akiyama, NTT Corporation, Musashino

Takeshi Yagi, NTT Corporation, Musashino

Takeo Hariu, NTT Corporation, Musashino

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2012.118

Filtering based on blacklists is a major countermeasure against malicious websites. However, blacklists must be updated because malicious URLs tend to be short-lived and they may be partially mutated to avoid blacklisting. Due to these characteristics, it can be assumed that unknown malicious URLs exist in the neighborhood of known malicious URLs created by the same adversary. We propose an effective blacklist URL generation method, which discovers URLs in the neighborhood of a malicious URL by using a search engine. Those suspicious neighborhoods around malicious URLs require further investigation to determine their blacklisting candidacy. We experimentally evaluated the proposed generation method by using actual blacklisted URLs for both drive-by-download and click-download infection. The results showed that the proposed method can effectively improve identification of malicious URLs and maintenance of blacklist coverage.

Citation:

Mitsuaki Akiyama, Takeshi Yagi, Takeo Hariu, "Blacklisting Improvement: Inspecting Structural Neighborhood of Malicious URLs," IT Professional, 04 Dec. 2012. IEEE computer Society Digital Library. IEEE Computer Society, <http://doi.ieeecomputersociety.org/10.1109/MITP.2012.118>

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.