SeedsMiner: Accurate URL Blacklist-Generation Based on Efficient OSINT Seed Collection
Author: | Yasuyuki Tanaka, Shingo Kashima |
---|---|
Year of publication: | 2019 |
Subject: | Computer science; business.industry; 02 engineering and technology; computer.software_genre; Computer security; Internet security; Blacklist; ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Blacklisting; Malware; 020201 artificial intelligence & image processing; The Internet; business; computer; Countermeasure (computer) |
Source: | WI (Companion) |
DOI: | 10.1145/3358695.3361751 |
Description: | Nowadays, increasing Internet use is plagued by malicious activity. Drive-by downloads are still a serious problem. Furthermore, new kinds of malicious sites are increasing. Published analysis has reported that 10% of the Internet is malicious. To counter these malicious URLs, blacklisting based on threat intelligence is widely used as a multilayer defense mechanism in modern Internet security techniques. Blacklisting on the network side is especially effective for protecting the critical information infrastructure of various industries because it is not necessary to change the configuration or to use system resources. We propose a method of efficiently collecting malicious candidate URLs (seeds) from open information and generating highly accurate blacklists based on that information. This open information is called “Open Source Intelligence” (OSINT). OSINT information must be examined carefully to detect inaccuracies. Our seed collector collects 50% or more truly malicious URLs, and we showed that 75% of the blacklist generated by our proposed method was unknown to Google Safe Browsing. We also showed that malware collected by our method was rich in family variations, and 23% of the malware was unknown. |
Database: | OpenAIRE |