mslab

User Tools

Site Tools

Trace: malicious_url_detection
old revision restored (2025/04/23 21:27)
malicious_url_detection

Table of Contents

Introduction

  • Member : 蔡昀達, 廖其忻
  • Meeting :

Member

NameMail
蔡昀達bb04902103@gmail.com
廖其忻cayon.1318.96@hotmail.com
尹聖翔b06902103@ntu.edu.tw

public dataset

ISCX-URL-2016(https://www.unb.ca/cic/datasets/url-2016.html)

kaggle

  1. https://www.kaggle.com/antonyj453/urldataset
  2. https://www.kaggle.com/aktank/url-detection
  3. https://www.kaggle.com/deepak730/finding-malicious-url-through-url-features

Phising URLS

  1. Phishtank https://www.phishtank.com/developer_info.php
  2. Open Phis https://openphish.com/

SPAM URLS

  1. JWSPAMSPY http://www.joewein.de/sw/blacklist.htm

Malware URLS (These three does not update for a long time)

  1. DNS-BH - http://www.malwaredomains.com/wordpress/?page_id=66
  2. https://www.malwarepatrol.net/my-account/
  3. http://www.malwaredomainlist.com/

Benign URLS

  1. Majestic - https://majestic.com/reports/majestic-million

Other Source

  1. https://zeltser.com/malicious-ip-blocklists/

###### Black list

  1. EtherAddressLooup - https://etherscamdb.info/api
  2. Bambenek consulting - https://osint.bambenekconsulting.com/feeds/
  3. firehol - http://iplists.firehol.org/
  4. Spamhaus and DShield - http://www.squidblacklist.org/downloads/drop.malicious.rsc
  5. squidguard - http://www.squidguard.org/blacklists.html
  6. blackweb - https://github.com/maravento/blackweb

Intelligence website

White List - https://www.alexa.com/topsites

- Chrome外掛軟體 Googel WOT plugin

#####

- http://whois.domaintools.com

- https://www.urlvoid.com

- https://www.ipvoid.com/

- https://www.apivoid.com/api/domain-reputation/

#####

Black List (目前沒有可利用的資料)

- (主要是查IP)https://www.abuseipdb.com/

- (主要是Domain Name,僅參考)https://www.riskiq.com/platform/architecture/internet-data-sets/passive-dns/

- (黑名單太少,參考用)https://otx.alienvault.com/

Meeting

09/23 progress

  1. tfidf results
    1. accuracy : 98.3%
  2. model explain mechanism
    1. implemented : highlight trigger pattern
    2. results1 (tree interpreter):

  1. results2 (lime interpreter):

YearVenueTitleLinkAssign
2016ACMLIME:Why should i trust you?: Explaining the predictions of any classifierPDF
2014KAISShapley sampling values:Explaining prediction models and individual predictions with feature contributionsPDF
2017arxivDeepLIFT:Learning important features through propagating activation differencesPDF
2016IEEE SPQII:Algorithmic transparency via quantitative input influence: Theory and experiments with learning systemsPDF
2015PLoS ONELayer-wise relevance propagation:On pixel-wise explanations for non-linear classifier decisions by layer-wise relevance propagationPDF
2010PLoS ONEShapley regression values:Analysis of regression in game theory approachPDF

09/16

  1. check basline CNN model has high accuracy
  2. build tfidf model
  3. build explain feature
    1. triggered pattern
    2. malicious url family matching
  4. phishing url survey

07/31

  1. Collect training data
  2. Collect whois information
  3. manual feature
  4. model desgin

Reference

YearVenueTitleLinkAssign
2017arxivMalicious URL Detection using Machine Learning: A SurveyPDF

https://hackmd.io/RKXNLcvUQY2a-cQAESigqw?view

malicious_url_detection.txt · Last modified: 2025/05/02 17:32 by 3.135.198.159 · Currently locked by: 52.15.202.111

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki