Characterizing Malicious URL Campaigns
- URL: http://arxiv.org/abs/2108.12726v1
- Date: Sun, 29 Aug 2021 01:00:44 GMT
- Title: Characterizing Malicious URL Campaigns
- Authors: Mahathir Almashor, Ejaz Ahmed, Benjamin Pick, Sharif Abuadbba, Raj Gaire, Seyit Camtepe, Surya Nepal
- Abstract summary: URLs are central to a myriad of cyber-security threats, from phishing to the distribution of malware.
Their inherent ease of use and familiarity is continuously abused by attackers to evade defences and deceive end-users.
We refer to such behaviours as campaigns, with the hypothesis being that attacks are often coordinated to maximize success rates and develop evasion tactics.
- Score: 16.807162826069185
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: URLs are central to a myriad of cyber-security threats, from phishing to the
distribution of malware. Their inherent ease of use and familiarity is
continuously abused by attackers to evade defences and deceive end-users.
Seemingly dissimilar URLs are being used in an organized way to perform
phishing attacks and distribute malware. We refer to such behaviours as
campaigns, with the hypothesis being that attacks are often coordinated to
maximize success rates and develop evasion tactics. The aim is to gain better
insights into campaigns, bolster our grasp of their characteristics, and thus
aid the community in devising more robust solutions. To this end, we performed
extensive research and analysis into 311M records containing 77M unique
real-world URLs that were submitted to VirusTotal from Dec 2019 to Jan 2020.
From this dataset, 2.6M suspicious campaigns were identified based on their
attached metadata, of which 77,810 were doubly verified as malicious. Using the
38.1M records and 9.9M URLs within these malicious campaigns, we provide varied
insights such as their targeted victim brands as well as URL sizes and
heterogeneity. Some surprising findings were observed, such as detection rates
falling to just 13.27% for campaigns that employ more than 100 unique URLs. The
paper concludes with several case-studies that illustrate the common malicious
techniques employed by attackers to imperil users and circumvent defences.
Related papers
- Next Generation of Phishing Attacks using AI powered Browsers [0.0]
The model had an accuracy of 98.32%, precision of 98.62%, recall of 97.86%, and an F1-score of 98.24%.
The zero-day phishing attack detection testing over a 15-day period revealed the model's capability to identify previously unseen threats.
The model had successfully detected phishing URLs that evaded detection by Google safe browsing.
arXiv Detail & Related papers (2024-06-18T12:24:36Z)
- Mitigating Label Flipping Attacks in Malicious URL Detectors Using Ensemble Trees [16.16333915007336]
Malicious URLs provide adversarial opportunities across various industries, including transportation, healthcare, energy, and banking.
Backdoor attacks involve manipulating a small percentage of training data labels, such as Label Flipping (LF), which changes benign labels to malicious ones and vice versa.
We propose an innovative alarm system that detects the presence of poisoned labels and a defense mechanism designed to uncover the original class labels.
arXiv Detail & Related papers (2024-03-05T14:21:57Z)
- BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning [85.2564206440109]
This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses.
We introduce the BadCLIP attack, which is resistant to backdoor detection and model fine-tuning defenses.
arXiv Detail & Related papers (2023-11-20T02:21:49Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- Phishing URL Detection: A Network-based Approach Robust to Evasion [17.786802845563745]
We present a network-based inference method to accurately detect phishing URLs camouflaged with legitimate patterns.
Our method consistently shows better detection performance throughout various experimental tests than state-of-the-art methods.
arXiv Detail & Related papers (2022-09-03T16:09:05Z)
- Unraveling Threat Intelligence Through the Lens of Malicious URL Campaigns [21.185063151766798]
We analyse suspicious URLs from SIEM alerts via the perspective of malicious URL campaigns.
By first grouping URLs within 311M records gathered from VirusTotal into 2.6M suspicious clusters, we discovered 77.8K malicious campaigns.
We find 9.9M unique URLs attributable to 18.3K multi-URL campaigns, and that only 2.97% of campaigns were found by security vendors.
arXiv Detail & Related papers (2022-08-26T06:10:13Z)
- An Adversarial Attack Analysis on Malicious Advertisement URL Detection Framework [22.259444589459513]
Malicious advertisement URLs pose a security risk since they are the source of cyber-attacks.
Existing malicious URL detection techniques are limited in their ability to handle unseen features as well as generalize to test data.
In this study, we extract a novel set of lexical and web-scraped features and employ machine learning techniques to set up a system for fraudulent advertisement URL detection.
arXiv Detail & Related papers (2022-04-27T20:06:22Z)
- Unified Detection of Digital and Physical Face Attacks [61.6674266994173]
State-of-the-art defense mechanisms against face attacks achieve near perfect accuracies within one of three attack categories, namely adversarial, digital manipulation, or physical spoofs.
We propose a unified attack detection framework, namely UniFAD, that can automatically cluster 25 coherent attack types belonging to the three categories.
arXiv Detail & Related papers (2021-04-05T21:08:28Z)
- Being Single Has Benefits. Instance Poisoning to Deceive Malware Classifiers [47.828297621738265]
We show how an attacker can launch a sophisticated and efficient poisoning attack targeting the dataset used to train a malware classifier.
As opposed to other poisoning attacks in the malware detection domain, our attack does not focus on malware families but rather on specific malware instances that contain an implanted trigger.
We propose a comprehensive detection approach that could serve as a future sophisticated defense against this newly discovered severe threat.
arXiv Detail & Related papers (2020-10-30T15:27:44Z)
- Keystroke Biometrics in Response to Fake News Propagation in a Global Pandemic [77.79066811371978]
This work proposes and analyzes the use of keystroke biometrics for content de-anonymization.
Fake news have become a powerful tool to manipulate public opinion, especially during major events.
arXiv Detail & Related papers (2020-05-15T17:56:11Z)
- Deflecting Adversarial Attacks [94.85315681223702]
We present a new approach towards ending this cycle where we "deflect" adversarial attacks by causing the attacker to produce an input that resembles the attack's target class.
We first propose a stronger defense based on Capsule Networks that combines three detection mechanisms to achieve state-of-the-art detection performance.
arXiv Detail & Related papers (2020-02-18T06:59:13Z)