{"title":"用于识别有风险的统一资源定位器 (URL) 的新型安全指标","authors":"Mahmood Deypir, Toktam Zoughi","doi":"10.1007/s40998-023-00690-x","DOIUrl":null,"url":null,"abstract":"<p>Attackers perform malicious activities by sending <i>URL</i>s to victims via e-mail, <i>SMS</i>, social network messages, and other means. Recently, intruders have been generating malicious <i>URL</i>s algorithmically. They also use shortening or obfuscation services to bypass firewalls and other security barriers. Some machine learning methods have been presented in order to identify malicious <i>URLs</i> from normal ones, all of which are subject to classification errors. On the other hand, it is impractical to have a complete and up-to-date blacklist due to large number of daily generated malicious <i>URL</i>s. Therefore, calculating the <i>URLs</i> security risk would be more helpful than <i>URLs</i> classification. In this way a user can correctly decide whether to use an unfamiliar <i>URL</i> if they know its associated security risk. In this study, the problem of <i>URLs</i> security risk computation is introduced and two effective novel criteria for this problem are proposed. Based on these criteria, a security risk score can be estimated for each incoming <i>URL</i>. In the first criterion, based on previous malicious and non-malicious <i>URL</i> instances, the extracted features of a <i>URL</i> are divided into two categories, those increase the risk and those reduce the security risk. In the second criterion, security risk score of an unknown <i>URL</i> is estimated based on its distances to nearest known malicious and also safe <i>URLs</i>. For both criterion, corresponding formulations and algorithms are also designed and are described. Extensive empirical evaluations on various real datasets show the effectiveness of the proposed criteria in terms of malicious <i>URL</i> detection rate. Moreover, our experiments show that the proposed metrics significantly outperforms previously proposed risk score criteria.</p>","PeriodicalId":49064,"journal":{"name":"Iranian Journal of Science and Technology-Transactions of Electrical Engineering","volume":"38 1","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Novel Security Metrics for Identifying Risky Unified Resource Locators (URLs)\",\"authors\":\"Mahmood Deypir, Toktam Zoughi\",\"doi\":\"10.1007/s40998-023-00690-x\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Attackers perform malicious activities by sending <i>URL</i>s to victims via e-mail, <i>SMS</i>, social network messages, and other means. Recently, intruders have been generating malicious <i>URL</i>s algorithmically. They also use shortening or obfuscation services to bypass firewalls and other security barriers. Some machine learning methods have been presented in order to identify malicious <i>URLs</i> from normal ones, all of which are subject to classification errors. On the other hand, it is impractical to have a complete and up-to-date blacklist due to large number of daily generated malicious <i>URL</i>s. Therefore, calculating the <i>URLs</i> security risk would be more helpful than <i>URLs</i> classification. In this way a user can correctly decide whether to use an unfamiliar <i>URL</i> if they know its associated security risk. In this study, the problem of <i>URLs</i> security risk computation is introduced and two effective novel criteria for this problem are proposed. Based on these criteria, a security risk score can be estimated for each incoming <i>URL</i>. In the first criterion, based on previous malicious and non-malicious <i>URL</i> instances, the extracted features of a <i>URL</i> are divided into two categories, those increase the risk and those reduce the security risk. In the second criterion, security risk score of an unknown <i>URL</i> is estimated based on its distances to nearest known malicious and also safe <i>URLs</i>. For both criterion, corresponding formulations and algorithms are also designed and are described. Extensive empirical evaluations on various real datasets show the effectiveness of the proposed criteria in terms of malicious <i>URL</i> detection rate. Moreover, our experiments show that the proposed metrics significantly outperforms previously proposed risk score criteria.</p>\",\"PeriodicalId\":49064,\"journal\":{\"name\":\"Iranian Journal of Science and Technology-Transactions of Electrical Engineering\",\"volume\":\"38 1\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2024-05-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Iranian Journal of Science and Technology-Transactions of Electrical Engineering\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://doi.org/10.1007/s40998-023-00690-x\",\"RegionNum\":4,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Iranian Journal of Science and Technology-Transactions of Electrical Engineering","FirstCategoryId":"5","ListUrlMain":"https://doi.org/10.1007/s40998-023-00690-x","RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
Novel Security Metrics for Identifying Risky Unified Resource Locators (URLs)
Attackers perform malicious activities by sending URLs to victims via e-mail, SMS, social network messages, and other means. Recently, intruders have been generating malicious URLs algorithmically. They also use shortening or obfuscation services to bypass firewalls and other security barriers. Some machine learning methods have been presented in order to identify malicious URLs from normal ones, all of which are subject to classification errors. On the other hand, it is impractical to have a complete and up-to-date blacklist due to large number of daily generated malicious URLs. Therefore, calculating the URLs security risk would be more helpful than URLs classification. In this way a user can correctly decide whether to use an unfamiliar URL if they know its associated security risk. In this study, the problem of URLs security risk computation is introduced and two effective novel criteria for this problem are proposed. Based on these criteria, a security risk score can be estimated for each incoming URL. In the first criterion, based on previous malicious and non-malicious URL instances, the extracted features of a URL are divided into two categories, those increase the risk and those reduce the security risk. In the second criterion, security risk score of an unknown URL is estimated based on its distances to nearest known malicious and also safe URLs. For both criterion, corresponding formulations and algorithms are also designed and are described. Extensive empirical evaluations on various real datasets show the effectiveness of the proposed criteria in terms of malicious URL detection rate. Moreover, our experiments show that the proposed metrics significantly outperforms previously proposed risk score criteria.
期刊介绍:
Transactions of Electrical Engineering is to foster the growth of scientific research in all branches of electrical engineering and its related grounds and to provide a medium by means of which the fruits of these researches may be brought to the attentionof the world’s scientific communities.
The journal has the focus on the frontier topics in the theoretical, mathematical, numerical, experimental and scientific developments in electrical engineering as well
as applications of established techniques to new domains in various electical engineering disciplines such as:
Bio electric, Bio mechanics, Bio instrument, Microwaves, Wave Propagation, Communication Theory, Channel Estimation, radar & sonar system, Signal Processing, image processing, Artificial Neural Networks, Data Mining and Machine Learning, Fuzzy Logic and Systems, Fuzzy Control, Optimal & Robust ControlNavigation & Estimation Theory, Power Electronics & Drives, Power Generation & Management The editors will welcome papers from all professors and researchers from universities, research centers,
organizations, companies and industries from all over the world in the hope that this will advance the scientific standards of the journal and provide a channel of communication between Iranian Scholars and their colleague in other parts of the world.