Dharmaraj Rajaram Patil; Jayantrao Patil
Abstract
Nowadays, malicious URLs are the common threat to the businesses, social networks, net-banking etc. However, malicious URLs deal with various Web attacks like phishing, spamming and malware distribution. Existing approaches have focused on binary detection i.e. either the URL is malicious or benign. ...
Read More
Nowadays, malicious URLs are the common threat to the businesses, social networks, net-banking etc. However, malicious URLs deal with various Web attacks like phishing, spamming and malware distribution. Existing approaches have focused on binary detection i.e. either the URL is malicious or benign. Very few literature is found which focused on the detection of malicious URLs and their attack types. Hence, it becomes necessary to know the attack type and adopt an effective countermeasure. This paper proposed a methodology to detect malicious URLs and the type of attacks based on multi-class classification. In this work, we proposed 42 new features of spam, phishing and malware URLs like URL Features, URL Source Features, Domain Name Features and Short URLs Features. These features are not considered in the earlier studies for malicious URLs detection and attack types identification. Binary and multi-class dataset is constructed using 49935 malicious and benign URLs. It consists of 26041 benign and 23894 malicious URLs containing 11297 malware,8976 phishing and 3621 spam URLs. To evaluate the proposed approach, state of the art supervised batch and online machine learning classifiers are used. Experiments are performed on the binary andmulti-class dataset using the aforementioned machine learning classifiers. It is found that, confidence weighted learning classifier achieved the best 98.44% average detection accuracy with 1.56% error-rate in the multi-class setting and 99.86% detection accuracy with negligible error-rate of 0.14% in binary setting using our proposed URL features.