Malicious URL detection based on Kolmogorov complexity estimation

Hsing Kuo Pao; Yan Lin Chou; Yuh-Jye Lee

doi:10.1109/WI-IAT.2012.258

Malicious URL detection based on Kolmogorov complexity estimation

Hsing Kuo Pao, Yan Lin Chou, Yuh-Jye Lee

Department of Applied Mathematics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Scopus citations

Abstract

Malicious URL detection has drawn a significant research attention in recent years. It is helpful if we can simply use the URL string to make precursory judgment about how dangerous a website is. By doing that, we can save efforts on the website content analysis and bandwidth for content retrieval. We propose a detection method that is based on an estimation of the conditional Kolmogorov complexity of URL strings. To overcome the incomputability of Kolmogorov complexity, we adopt a compression method for its approximation, called conditional Kolmogorov measure. As a single significant feature for detection, we can achieve a decent performance that can not be achieved by any other single feature that we know. Moreover, the proposed Kolmogorov measure can work together with other features for a successful detection. The experiment has been conducted using a private dataset from a commercial company which can collect more than one million unclassified URLs in a typical hour. On average, the proposed measure can process such hourly data in less than a few minutes.

Original language	English
Title of host publication	Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012
Pages	380-387
Number of pages	8
DOIs	https://doi.org/10.1109/WI-IAT.2012.258
State	Published - 1 Dec 2012
Event	2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012 - Macau, China Duration: 4 Dec 2012 → 7 Dec 2012

Publication series

Name	Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012

Conference

Conference	2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012
Country	China
City	Macau
Period	4/12/12 → 7/12/12

Keywords

blacklist
compression
entropy
Kolmogorov complexity
malicious URL

Access to Document

10.1109/WI-IAT.2012.258

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Malicious URL detection based on Kolmogorov complexity estimation'. Together they form a unique fingerprint.

Cite this

@inproceedings{e3a1d62d7cec4a47bb049057569df751,

title = "Malicious URL detection based on Kolmogorov complexity estimation",

abstract = "Malicious URL detection has drawn a significant research attention in recent years. It is helpful if we can simply use the URL string to make precursory judgment about how dangerous a website is. By doing that, we can save efforts on the website content analysis and bandwidth for content retrieval. We propose a detection method that is based on an estimation of the conditional Kolmogorov complexity of URL strings. To overcome the incomputability of Kolmogorov complexity, we adopt a compression method for its approximation, called conditional Kolmogorov measure. As a single significant feature for detection, we can achieve a decent performance that can not be achieved by any other single feature that we know. Moreover, the proposed Kolmogorov measure can work together with other features for a successful detection. The experiment has been conducted using a private dataset from a commercial company which can collect more than one million unclassified URLs in a typical hour. On average, the proposed measure can process such hourly data in less than a few minutes.",

keywords = "blacklist, compression, entropy, Kolmogorov complexity, malicious URL",

author = "Pao, {Hsing Kuo} and Chou, {Yan Lin} and Yuh-Jye Lee",

year = "2012",

month = dec,

day = "1",

doi = "10.1109/WI-IAT.2012.258",

language = "English",

isbn = "9780769548807",

series = "Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012",

pages = "380--387",

booktitle = "Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012",

note = "null ; Conference date: 04-12-2012 Through 07-12-2012",

}

Pao, HK, Chou, YL & Lee, Y-J 2012, Malicious URL detection based on Kolmogorov complexity estimation. in Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012., 6511912, Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012, pp. 380-387, 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012, Macau, China, 4/12/12. https://doi.org/10.1109/WI-IAT.2012.258

Malicious URL detection based on Kolmogorov complexity estimation. / Pao, Hsing Kuo; Chou, Yan Lin; Lee, Yuh-Jye.

Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012. 2012. p. 380-387 6511912 (Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Malicious URL detection based on Kolmogorov complexity estimation

AU - Pao, Hsing Kuo

AU - Chou, Yan Lin

AU - Lee, Yuh-Jye

PY - 2012/12/1

Y1 - 2012/12/1

N2 - Malicious URL detection has drawn a significant research attention in recent years. It is helpful if we can simply use the URL string to make precursory judgment about how dangerous a website is. By doing that, we can save efforts on the website content analysis and bandwidth for content retrieval. We propose a detection method that is based on an estimation of the conditional Kolmogorov complexity of URL strings. To overcome the incomputability of Kolmogorov complexity, we adopt a compression method for its approximation, called conditional Kolmogorov measure. As a single significant feature for detection, we can achieve a decent performance that can not be achieved by any other single feature that we know. Moreover, the proposed Kolmogorov measure can work together with other features for a successful detection. The experiment has been conducted using a private dataset from a commercial company which can collect more than one million unclassified URLs in a typical hour. On average, the proposed measure can process such hourly data in less than a few minutes.

AB - Malicious URL detection has drawn a significant research attention in recent years. It is helpful if we can simply use the URL string to make precursory judgment about how dangerous a website is. By doing that, we can save efforts on the website content analysis and bandwidth for content retrieval. We propose a detection method that is based on an estimation of the conditional Kolmogorov complexity of URL strings. To overcome the incomputability of Kolmogorov complexity, we adopt a compression method for its approximation, called conditional Kolmogorov measure. As a single significant feature for detection, we can achieve a decent performance that can not be achieved by any other single feature that we know. Moreover, the proposed Kolmogorov measure can work together with other features for a successful detection. The experiment has been conducted using a private dataset from a commercial company which can collect more than one million unclassified URLs in a typical hour. On average, the proposed measure can process such hourly data in less than a few minutes.

KW - blacklist

KW - compression

KW - entropy

KW - Kolmogorov complexity

KW - malicious URL

UR - http://www.scopus.com/inward/record.url?scp=84878469962&partnerID=8YFLogxK

U2 - 10.1109/WI-IAT.2012.258

DO - 10.1109/WI-IAT.2012.258

M3 - Conference contribution

AN - SCOPUS:84878469962

SN - 9780769548807

T3 - Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012

SP - 380

EP - 387

BT - Proceedings - 2012 IEEE/WIC/ACM International Conference on Web Intelligence, WI 2012

Y2 - 4 December 2012 through 7 December 2012

ER -