Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Prediction of drive-by download attacks on Twitter

Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945, Burnap, Pete ORCID: https://orcid.org/0000-0003-0396-633X and Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646 2019. Prediction of drive-by download attacks on Twitter. Information Processing and Management 56 (3) , pp. 1133-1145. 10.1016/j.ipm.2018.02.003

PDF - Published Version
Available under License Creative Commons Attribution Non-commercial.


Abstract

The popularity of Twitter for information discovery, coupled with the automatic shortening of URLs to save space, given the 140-character limit, provides cybercriminals with an opportunity to obfuscate the URL of a malicious Web page within a tweet. Once the URL is obfuscated, the cybercriminal can lure a user to click on it with enticing text and images before carrying out a cyber attack using a malicious Web server. This is known as a drive-by download. In a drive-by download, a user's computer system is infected while interacting with the malicious endpoint, often without the user being made aware that the attack has taken place. An attacker can gain control of the system by exploiting unpatched system vulnerabilities, and this form of attack currently represents one of the most common methods employed. In this paper we build a machine learning model using machine activity data and tweet metadata to move beyond post-execution classification of such URLs as malicious, to predict that a URL will be malicious with 0.99 F-measure (using 10-fold cross-validation) and 0.833 (using an unseen test set) at 1 second into the interaction with the URL. This provides a basis from which to kill the connection to the server before an attack has completed, proactively blocking and preventing an attack rather than reacting and repairing at a later date.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Data Innovation Research Institute (DIURI)
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Additional Information: This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license
Publisher: Elsevier
ISSN: 0306-4573
Date of First Compliant Deposit: 14 February 2018
Date of Acceptance: 12 February 2018
Last Modified: 03 May 2023 17:18
URI: https://orca.cardiff.ac.uk/id/eprint/109069

Citation Data

Cited 15 times in Scopus.
