Pure-Octet Extraction based Technique for Identifying Malicious URLs based on IP Address Attributes

Full Text (PDF, 642KB), PP.25-32


Author(s)

Aasha Singh 1,*, Awadhesh Kumar 1, Ajay Kumar Bharti 2, Vaishali Singh 3

1. KNIT, Sultanpur, India

2. BBDU, Lucknow, India

3. MUIT, Lucknow, India

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2022.06.03

Received: 19 May 2022 / Revised: 5 Jun. 2022 / Accepted: 27 Jul. 2022 / Published: 8 Dec. 2022

Index Terms

URLs, SVM, IP address, Malware, Pure-Octet, Decision Tree, Accuracy.

Abstract

On the basis of characteristics derived from IPv4 addresses, this paper offers a method for identifying interaction linked with website-based malware and then modelling a machine-learning-based classifier. In this research work, a modified approach is proposed for detecting fraudulent websites and compared with other methods, namely SVM assessment of IP addresses, the octet-based technique, a modified extended version of the octet-based technique, and bit-string-based characteristics. The modified approach rests on the observation that logical addressing is more reliable and consistent than other measures such as URLs and DNS names: the character sequences that make up URLs and domain names change far more readily than the IP addresses behind them. An IPv4 address is encoded in a 4-byte (32-bit) space. Here, valid IP addresses from Kaggle [11], published on January 16, 2018, have been used to validate the efficacy of the modified approach.

Cite This Paper

Aasha Singh, Awadhesh Kumar, Ajay Kumar Bharti, Vaishali Singh, "Pure-Octet Extraction based Technique for Identifying Malicious URLs based on IP Address Attributes", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.12, No.6, pp. 25-32, 2022. DOI:10.5815/ijwmt.2022.06.03

Reference

[1] M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster, "Building a dynamic reputation system for DNS," in Proceedings of the 19th USENIX Conference on Security, ser. USENIX Security '10. Berkeley, CA, USA: USENIX Association, 2010, pp. 18–18.

[2] M. Akiyama, M. Iwamura, Y. Kawakoya, K. Aoki, and M. Itoh, "Design and implementation of high interaction client honeypot for drive-by-download attacks," IEICE Transactions on Communications, vol. E93.B, no. 5, pp. 1131–1139, 2010.

[3] M. Felegyhazi, C. Kreibich, and V. Paxson, "On the potential of proactive domain blacklisting," in Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, ser. LEET '10. Berkeley, CA, USA: USENIX Association, 2010, pp. 6–6.

[4] J. Ma, L. K. Saul, S. Savage, and G. M. Voelker, "Beyond blacklists: learning to detect malicious web sites from suspicious URLs," in Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, ser. KDD '09. New York, NY, USA: ACM, 2009, pp. 1245–1254.

[5] A. Renjan, K. P. Joshi, S. N. Narayanan, and A. Joshi, "DAbR: Dynamic attribute-based reputation scoring for malicious IP address detection," in IEEE International Conference on Intelligence and Security Informatics (ISI), Nov. 2018, pp. 64–69.

[6] V. Paxson, "Bro: a system for detecting network intruders in real-time," in Proceedings of the 7th USENIX Security Symposium, Volume 7. Berkeley, CA, USA: USENIX Association, 1998, pp. 3–3.

[7] M. Roesch, "Snort - lightweight intrusion detection for networks," in Proceedings of the 13th USENIX Conference on System Administration, ser. LISA '99. Berkeley, CA, USA: USENIX Association, 1999, pp. 229–238.

[8] M. Ishida, H. Takakura, and Y. Okabe, "High-performance intrusion detection using OptiGrid clustering and grid-based labelling," in Applications and the Internet (SAINT), 2011 IEEE/IPSJ 11th International Symposium on, Jul. 2011, pp. 11–19.

[9] C. Seifert, I. Welch, P. Komisarczuk et al., "HoneyC - the low-interaction client honeypot," Proceedings of the 2007 NZCSRCS, Waikato University, Hamilton, New Zealand, 2007.

[10] Capture-HPC. [Online]. Available: https://projects.honeynet.org/capture-hpc/

[11] https://www.kaggle.com/cheedcheed/top1m/metadata

[12] http://lists.blocklist.de/lists/all.txt

[13] D. Chiba, K. Tobe, et al., "Detecting malicious websites by learning IP address features," in 2012 IEEE/IPSJ 12th International Symposium on Applications and the Internet, 2012.

[14] Mahmoud Jazzar, Rasheed F. Yousef, and Derar Eleyan, "Evaluation of Machine Learning Techniques for Email Spam Classification," International Journal of Education and Management Engineering (IJEME), Vol. 11, No. 4, pp. 35–42, 2021. DOI: 10.5815/ijeme.2021.04.04.

[15] Yahya Alamlahi and Abdulrahman Muthana, "An Email Modelling Approach for Neural Network Spam Filtering to Improve Score-based Anti-spam Systems," International Journal of Computer Network and Information Security (IJCNIS), Vol. 10, No. 12, pp. 1–10, 2018. DOI: 10.5815/ijcnis.2018.12.01.

[16] Mohammad Zavvar, Meysam Rezaei, and Shole Garavand, "Email Spam Detection Using Combination of Particle Swarm Optimization and Artificial Neural Network and Support Vector Machine," International Journal of Modern Education and Computer Science (IJMECS), Vol. 8, No. 7, pp. 68–74, 2016. DOI: 10.5815/ijmecs.2016.07.08.

[17] Yaser Ghaderipour and Hamed Dinari, "A Flow-Based Technique to Detect Network Intrusions Using Support Vector Regression (SVR) over Some Distinguished Graph Features," International Journal of Mathematical Sciences and Computing (IJMSC), Vol. 6, No. 4, pp. 1–11, 2020. DOI: 10.5815/ijMSC.2020.04.01.