Beyond Blacklists: Learning to Detect Malicious Web Sites From Suspicious URLs

Free registration required

Executive Summary

Malicious Web sites are a cornerstone of Internet criminal activities. As a result, there has been broad interest in developing systems to prevent the end user from visiting such sites. This paper describes an approach to this problem based on automated URL classification, using statistical methods to discover the tell-tale lexical and host-based properties of malicious Web site URLs. These methods are able to learn highly predictive models by extracting and automatically analyzing tens of thousands of features potentially indicative of suspicious URLs. The resulting classifiers obtain 95 - 99% accuracy, detecting large numbers of malicious Web sites from their URLs, with only modest false positives.

  • Format: PDF
  • Size: 138.8 KB