Detection of Hidden Fraudulent URLs within Trusted Sites Using Lexical Features

Author

Sorio, Enrico ; Bartoli, Alberto ; Medvet, Eric

Author_Institution

DIA - Eng. & Archit. Dept., Univ. of Trieste, Trieste, Italy

fYear

2013

fDate

2-6 Sept. 2013

Firstpage

242

Lastpage

247

Abstract

Internet security threats often involve the fraudulent modification of a web site, often with the addition of new pages at URLs where no page should exist. Detecting the existence of such hidden URLs is very difficult because they do not appear during normal navigation and usually are not indexed by search engines. Most importantly, drive-by attacks leading users to hidden URLs, for example for phishing credentials, may fool even tech-savvy users, because such hidden URLs are increasingly hosted within trusted sites, thereby rendering HTTPS authentication ineffective. In this work, we propose an approach for detecting such URLs based only on their lexical features, which allows alerting the user before actually fetching the page. We assess our proposal on a dataset composed of thousands of URLs, with promising results.

Keywords

Internet; Web sites; computer network security; hypermedia; trusted computing; HTTPS authentication rendering; Internet security threat; Web site; fraudulent modification; hidden fraudulent URL detection; lexical feature; trusted site; Feature extraction; Magnetic heads; Servers; Support vector machines; Training; Tuning; Web sites; phishing; web site defacement;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security (ARES), 2013 Eighth International Conference on

Conference_Location

Regensburg

Type

conf

DOI

10.1109/ARES.2013.31

Filename

6657247