Malicious URL Detection using Machine Learning

Siddeeq, Abubakar

17 October 2022

Malicious URL detection is important for cyber security experts and security agencies. With the drastic increase in internet usage, the distribution of such malware is a serious issue. Due to the wide variety of this malware, detection even with antivirus software is difficult. More than 12.8 million malicious URL websites are currently running. In this thesis, several machine learning classifiers along with ensemble methods are used to formulate a framework to detect this malware. Principal component analysis, k-fold cross-validation, and hyperparameter tuning are used to improve performance. A dataset from Kaggle is used for classification. Accuracy, precision, recall, and f-score are used as metrics to determine the model performance. Moreover, model behavior with a majority of one label in the dataset is also examined as is typical in the real world. / Graduate

Machine learning

URL

Malicious URL

ML

Aesthetics and automatic layout of UML class diagrams / Ästhetik und automatisches Layout von UML Klassendiagrammen

Eichelberger, Holger

January 2005

In the last years, visual methods have been introduced in industrial software production and teaching of software engineering. In particular, the international standardization of a graphical software engineering language, the Unified Modeling Language (UML) was a reason for this tendency. Unfortunately, various problems exist in concrete realizations of tools, e.g. due to a missing compliance to the standard. One problem is the automatic layout, which is required for a consistent automatic software design. The thesis derives reasons and criteria for an automatic layout method, which produces drawings of UML class diagrams according to the UML specification and issues of human computer interaction, e.g. readability. A unique set of aesthetic criteria is combined from four different disciplines involved in this topic. Based on these aethetic rules, a hierarchical layout algorithm is developed, analyzed, measured by specialized measuring techniques and compared to related work. Then, the realization of the algorithm as a Java framework is given as an architectural description. Finally, adaptions to anticipated future changes of the UML, improvements of the framework and example drawings of the implementation are given. / Visuelle Techniken im Software-Entwurf haben in den letzten Jahre Einzug in Industrie und Lehre gehalten. Begünstigt wurde dies durch die Unified Modeling Language (UML), eine international standardisierte, graphische Entwurfssprache. Dennoch klaffen weite Lücken bei der Umsetzung in konkrete Tools, teils an der Realisierung des Standards, insbesondere aber auch beim automatischen Layout, das für konsistenten (teil-)automatisierten Softwareentwurf unerlässlich ist. Die Arbeit stellt zunächst Gründe und Kriterien für ein standardkonformes, menschenlesbares automatisches Layout von UML Klassendiagrammen zusammen. Ästhetische Kriterien werden aus vier unterschiedlichen Fachdisziplinen destilliert und kombiniert. Basierend auf diesen Kriterien wird danach ein hierarchischer Layoutalgorithmus entwickelt, analysiert, mit speziellen Messverfahren vermessen und mit Konkurrenzalgorithmen verglichen. Im Anschluss daran wird die Realisierung des Algorithmus als Java-Framework im Rahmen einer Architekturbeschreibung diskutiert. Anpassungen an zukünftige Entwicklungen der UML, Weiterentwicklungen des Frameworks und Beispieldiagramme, die von der Implementierung generiert wurden, runden die Arbeit ab.

URL

Klassendiagramm

ddc:004

Phishing Detection Based on URL and TF-IDF

Chu, I-chun

08 September 2009

Peopel now use E-mail to communicate mutually is widespread. For example, schools convey information to students through e-mail, companies convey to the staff in charge of the task, friends to share the interested things of internet through e-mail and so on. Because of the imperfect of SMTP protocol, the spammer and phisher can delivery phishing e-mail or spam to unknown recipients widely and easily by the forged sender ID. It was result in the recipient's e-mail filled with numerous unsolicited advertising e-mail or faked electronic commerce e-mail. Some content of spam are advertising alone, but some are with harmful attachments, for instance, trojan or virus. Phishing use the name of online banking, Internet auction to delivery numerous e-mail, which let the recipient to believe the contents of the e-mail. By clicking the hyperlink connected to the website of the phishing, and input personal account, password, causing the recipient to lose their money or reputation. Information security software vendor SonicWall 2008¡¦s whitepaper points out that even if the obvious tips of the e-mail which is a phishing e-mail, some percent recipient still click on the hyperlink and input their personal ID and password. This means that the recipinet can easily pay attention to the hyperlink. In this research, by analysising of the information of the URL link in e-mail to detect whether the mail server have been recived phishing e-mail to protect users from phishing in the crisis.

URL

Domain

Phishing

Aesthetics and automatic layout of UML class diagrams

Eichelberger, Holger.

Unknown Date

University, Diss., 2005--Würzburg.

Towards web supported identification of top affiliations from scholarly papers

Aumüller, David

11 October 2018

Frequent successful publications by specific institutions are indicators for identifying outstanding centres of research. This institution data are present in scholarly papers as the authors‟ affilations – often in very heterogeneous variants for the same institution across publications. Thus, matching is needed to identify the denoted real world institutions and locations. We introduce an approximate string metric that handles acronyms and abbreviations. Our URL overlap similarity measure is based on comparing the result sets of web searches. Evaluations on affiliation strings of a conference prove better results than soft tf/idf, trigram, and levenshtein. Incorporating the aligned affiliations we present top institutions and countries for the last 10 years of SIGMOD.

SIGMOD; URL overlap

Anomaly Based Malicious URL Detection in Instant Messaging

Lin, Jia-bin

15 July 2009

Instant messaging (IM) has been a platform of spreading malware for hackers due to its popularity and immediacy. To evade anti-virus detection, hacker might send malicious URL message, instead of malicious binary file. A malicious URL is a link pointing to a malware file or a phishing site, and it may then propagate through the victim's contact list. Moreover, hacker sometimes might use social engineering tricks making malicious URLs hard to be identified. The previous solutions are improper to detect IM malicious URL in real-time. Therefore, we propose a novel approach for detecting IM malicious URL in a timely manner based on the anomalies of URL messages and sender's behavior. Malicious behaviors are profiled as a set of behavior patterns and a scoring model is developed to evaluate the significance of each anomaly. To speed up the detection, the malicious behavior patterns can identify known malicious URLs efficiently, while the scoring model is used to detect unknown malicious URLs. Our experimental results show that the proposed approach achieves low false positive rate and low false negative rate.

Malicious URL

Instant Messaging

IM Worms

En balanserad blockering? : Blockering av hemsidor enligt 53 b § URL i ljuset av grundläggande rättigheter i EU-stadgan

Svensson, Charlotte

January 2016

No description available.

blockering

mänskliga rättigheter

EU-stadgan

53 b § URL

rättighetsavvägning

Malicious URL Detection in Social Network

Su, Qun-kai

15 August 2011

Social network web sites become very popular nowadays. Users can establish connections with other users forming a social network, and quickly share information, photographs, and videos with friends. Malwares called social network worms can send text messages with malicious URLs by employing social engineering techniques. They are trying let users click malicious URL and infect users. Also, it can quickly attack others by infected user accounts in social network. By curiosity, most users click it without validation. This thesis proposes a malicious URL detection method used in Facebook wall, which used heuristic features with high classification property and machine learning algorithm, to predict the safety of URL messages. Experiments show that, the proposed approach can achieve about 96.3% of True Positive Rate, 95.4% of True Negative Rate, and 95.7% of Accuracy.

Malware

Machine learning

Malicious URL

Social network

Social Engineering

Online Content Popularity in the Twitterverse: A Case Study of Online News

2014 January 1900

With the advancement of internet technology, online news content has become very popular. People can now get live updates of the world's news through online news sites. Social networking sites are also very popular among Internet users, for sharing pictures, videos, news links and other online content. Twitter is one of the most popular social networking and microblogging sites. With Twitter's URL shortening service, a news link can be included in a tweet with only a small number of characters, allowing the rest of the tweet to be used for expressing views on the news story. Social links can be unidirectional in Twitter, allowing people to follow any person or organization and get their tweet updates, and share those updates with their own followers if desired. Through Twitter thousands of news links are tweeted every day. Whenever there is a popular new story, different news sites will publish identical or nearly identical versions (``clones'') of that story. Though these clones have the same or very similar content, the level of popularity they achieve may be quite different due to content agnostic factors such as influential tweeters, time of publication and the popularities of the news sites. It is very important for the content provider site to know about which factor plays a important role to make their news link popular. In this thesis research, a data set is collected containing the tweets made for the 218 members of 25 distinct sets of news story clones. The collected data is analyzed with respect to basic popularity characteristics concerning number of tweets of various types, relative publication times of clone set members, tweet timing and number of tweeter followers. Then, several other factors are investigated to see their impact in making some news story clones more popular than others. It is found that multiple content-agnostic factors i.e. maximum number of followers, self promotional tweets plays an impact on news site's stories overall popularity, and a first step is taken at quantifying their relative importance.

Twitter

Social Network

Online News Sites

Search API

HTTP

URL

3D-skrivarens intåg i immaterialrätten : - Om 3D-bilder, 49 § URL och vikten av lämpliga avtalslicenser

Fyrqvist, Emelie

January 2015

No description available.

3D-skrivare

3D-bild

katalogskydd

databasskydd

49 § URL