Malicious URL Detection Based on Kolmogorov Complexity Estimation

Malicious URL detection has drawn a significant research attention in recent years. It is helpful if we can simply use the URL string to make precursory judgment about how dangerous a website is. By doing that, we can save efforts on the website content analysis and bandwidth for content retrieval....

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2012 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology Ročník 1; s. 380 - 387
Hlavní autoři: Pao, Hsing-Kuo, Chou, Yan-Lin, Lee, Yuh-Jye
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 01.12.2012
Témata:
blacklist
Companies
Complexity theory
compression
Content management
Entropy
Feature extraction
Hands
Kolmogorov complexity
Length measurement
malicious URL
Turing machines
Uniform resource locators
ISBN:9781467360579, 1467360570
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Malicious URL detection has drawn a significant research attention in recent years. It is helpful if we can simply use the URL string to make precursory judgment about how dangerous a website is. By doing that, we can save efforts on the website content analysis and bandwidth for content retrieval. We propose a detection method that is based on an estimation of the conditional Kolmogorov complexity of URL strings. To overcome the incomputability of Kolmogorov complexity, we adopt a compression method for its approximation, called conditional Kolmogorov measure. As a single significant feature for detection, we can achieve a decent performance that can not be achieved by any other single feature that we know. Moreover, the proposed Kolmogorov measure can work together with other features for a successful detection. The experiment has been conducted using a private dataset from a commercial company which can collect more than one million unclassified URLs in a typical hour. On average, the proposed measure can process such hourly data in less than a few minutes.
ISBN:9781467360579
1467360570
DOI:10.1109/WI-IAT.2012.258