Malicious URL Linkage Analysis and Common Pattern Discovery

Title: Malicious URL Linkage Analysis and Common Pattern Discovery
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Huang, S., Chuang, T., Huang, S., Ban, T.
Conference Name: 2019 IEEE International Conference on Big Data (Big Data)
Date Published: Dec. 2019
ISBN Number: 978-1-7281-0858-2
Keywords: blacklisting, business communication, computer network security, Couplings, Crawlers, drive-by download, graph theory, graph-based model, Human Behavior, Industries, Internet, linkage analysis, malicious destinations, malicious domain name, malicious domain names, Malicious URL, malicious URL linkage analysis, Malware, malware analysis, Metrics, open-source threat intelligence, privacy, pubcrawl, real enterprise network, resilience, Resiliency, Uniform resource locators, URL, Web pages, website

Malicious domain names are consistently changing. It is challenging to keep blacklists of malicious domain names up-to-date because of the time lag between their creation and detection. Even if a website is clean itself, it does not necessarily mean that it won't be used as a pivot point to redirect users to malicious destinations. To address this issue, this paper demonstrates how to use linkage analysis and open-source threat intelligence to visualize the relationship of malicious domain names whilst verifying their categories, i.e., drive-by download, unwanted software, etc. Featured by a graph-based model that could present the inter-connectivity of malicious domain names in a dynamic fashion, the proposed approach proved to be helpful for revealing the group patterns of different kinds of malicious domain names. When applied to analyze a blacklisted set of URLs in a real enterprise network, it showed better effectiveness than traditional methods and yielded a clearer view of the common patterns in the data.

Citation Key: huang_malicious_2019