Detecting Malicious URLs Based on Machine Learning Algorithms and Word Embeddings

Crisan, Andrei; Florea, Gabriel; Halasz, L.; Lemnaru, Camelia; Oprişa, Ciprian

doi:10.1109/iccp51029.2020.9266139

Cited by 8 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Six different neural network architectural models were developed and compared: Feedforward Neural Network (FNN), Bi-directional RNN (Bi-RNN), Gated Recurrent Unit (GRU), Long Short-Term Memory (LSTM), Recurrent Neural Network (RNN), and Convolutional Neural Network (CNN). These models were chosen based on previous studies, which have shown that these models have demonstrated promising performance in a variety of phishing detection-related applications [22][23][24][25][26].…”

Section: Architecture Performance Comparisonsmentioning

confidence: 99%

Towards a Hybrid Security Framework for Phishing Awareness Education and Defense

Loh,

Lee,

Balachandran

2024

Future Internet

View full text Add to dashboard Cite

The rise in generative Artificial Intelligence (AI) has led to the development of more sophisticated phishing email attacks, as well as an increase in research on using AI to aid the detection of these advanced attacks. Successful phishing email attacks severely impact businesses, as employees are usually the vulnerable targets. Defense against such attacks, therefore, requires realizing defense along both technological and human vectors. Security hardening research work along the technological vector is few and focuses mainly on the use of machine learning and natural language processing to distinguish between machine- and human-generated text. Common existing approaches to harden security along the human vector consist of third-party organized training programmes, the content of which needs to be updated over time. There is, to date, no reported approach that provides both phishing attack detection and progressive end-user training. In this paper, we present our contribution, which includes the design and development of an integrated approach that employs AI-assisted and generative AI platforms for phishing attack detection and continuous end-user education in a hybrid security framework. This framework supports scenario-customizable and evolving user education in dealing with increasingly advanced phishing email attacks. The technological design and functional details for both platforms are presented and discussed. Performance tests showed that the phishing attack detection sub-system using the Convolutional Neural Network (CNN) deep learning model architecture achieved the best overall results: above 94% accuracy, above 95% precision, and above 94% recall.

show abstract

Section: Architecture Performance Comparisonsmentioning

confidence: 99%

Towards a Hybrid Security Framework for Phishing Awareness Education and Defense

Loh,

Lee,

Balachandran

2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…A study conducted by Vundavalli et al [45] aimed to distinguish between benign and malicious websites They obtained their dataset from the Kaggle website [46]. The best result was achieved by naive bayes (NB) with an accuracy of 91%.…”

Section: ) Lexical Content-based and Network-based Features Studiesmentioning

confidence: 99%

Detecting Malicious URLs Using Machine Learning Techniques: Review and Research Directions

et al. 2022

View full text Add to dashboard Cite

In recent years, the digital world has advanced significantly, particularly on the Internet, which is critical given that many of our activities are now conducted online. As a result of attackers' inventive techniques, the risk of a cyberattack is rising rapidly. One of the most critical attacks is the malicious URL intended to extract unsolicited information by mainly tricking inexperienced end users, resulting in compromising the user's system and causing losses of billions of dollars each year. As a result, securing websites is becoming more critical. In this paper, we provide an extensive literature review highlighting the main techniques used to detect malicious URLs that are based on machine learning models, taking into consideration the limitations in the literature, detection technologies, feature types, and the datasets used. Moreover, due to the lack of studies related to malicious Arabic website detection, we highlight the directions of studies in this context. Finally, as a result of the analysis that we conducted on the selected studies, we present challenges that might degrade the quality of malicious URL detectors, along with possible solutions.

show abstract

“…Attackers combine a reflected XSS vulnerability with other types of attacks to boost the effect of exploiting such a vulnerability. This approach has resulted in a new type of computer attack called clickjacking, which tricks a person into clicking a link that is invisible or disguised as some other element [10,11]. Clickjacking has the following features:…”

Section: Reflected Xssmentioning

confidence: 99%

Detection of Web Cross-Site Scripting (XSS) Attacks

et al. 2022

View full text Add to dashboard Cite

Most applications looking for XSS vulnerabilities have a variety of weaknesses related to the nature of constructing internet applications. Existing XSS vulnerability packages solely scan public net resources, which negatively influences the safety of internet resources. Threats may be in non-public sections of internet resources that can only be accessed by approved users. The aim of this work is to improve available internet functions for preventing XSS assaults by creating a programme that detects XSS vulnerabilities by completely mapping internet applications. The innovation of this work lies in its use of environment-friendly algorithms for locating extraordinary XSS vulnerabilities in addition to encompassing pre-approved XSS vulnerability scanning in examined internet functions to generate a complete internet resource map. Using the developed programme to discover XSS vulnerabilities increases the effectiveness of internet utility protection. This programme also simplifies the use of internet applications. Even customers unfamiliar with the fundamentals of internet security can use this programme due to its capability to generate a document with suggestions for rectifying detected XSS vulnerabilities.

show abstract

Detecting Malicious URLs Based on Machine Learning Algorithms and Word Embeddings

Cited by 8 publications

References 7 publications

Towards a Hybrid Security Framework for Phishing Awareness Education and Defense

Towards a Hybrid Security Framework for Phishing Awareness Education and Defense

Detecting Malicious URLs Using Machine Learning Techniques: Review and Research Directions

Detection of Web Cross-Site Scripting (XSS) Attacks

Contact Info

Product

Resources

About