A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs-Reference-Cited by-同舟云学术

A Large Scale Study and Classification of VirusTotal Reports on Phishing and Malware URLs

Published:2023-12-07 Issue:3 Volume:7 Page:1-26
ISSN:2476-1249
Container-title:Proceedings of the ACM on Measurement and Analysis of Computing Systems
language:en
Short-container-title:Proc. ACM Meas. Anal. Comput. Syst.

Author:

Choo Euijin¹^ORCID,Nabeel Mohamed²^ORCID,Kim Doowon³^ORCID,De Silva Ravindu⁴^ORCID,Yu Ting⁵^ORCID,Khalil Issa⁵^ORCID

Affiliation:

1. University of Alberta, Edmonton, AB, Canada

2. Palo Alto Networks, Santa Clara, CA, USA

3. University of Tennessee, Knoxville, Knoxville, TN, USA

4. SCoRe Lab, Colombo, Sri Lanka

5. Qatar Computing Research Institute, Doha, Qatar

Abstract

VirusTotal (VT) is a widely used scanning service for researchers and practitioners to label malicious entities and predict new security threats. Unfortunately, it is little known to the end-users how VT URL scanners decide on the maliciousness of entities and the attack types they are involved in (e.g., phishing or malware-hosting websites). In this paper, we conduct a systematic comparative study on VT URL scanners' behavior for different attack types of malicious URLs, in terms of 1) detection specialties, 2) stability, 3) correlations between scanners, and 4) lead/lag behaviors. Our findings highlight that the VT scanners commonly disagree with each other on their detection and attack type classification, leading to challenges in ascertaining the maliciousness of a URL and taking prompt mitigation actions according to different attack types. This motivates us to present a new highly accurate classifier that helps correctly identify the attack types of malicious URLs at the early stage. This in turn assists practitioners in performing better threat aggregation and choosing proper mitigation actions for different attack types

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Hardware and Architecture,Safety, Risk, Reliability and Quality,Computer Science (miscellaneous)

Link

https://dl.acm.org/doi/pdf/10.1145/3626790

Reference56 articles.

1. 2021. EST Security. https://en.estsecurity.com/product/alyac. 2021. EST Security. https://en.estsecurity.com/product/alyac.

2. APWG. 2021. Anti-Phishing Working Group. https://www.apwg.org/. APWG. 2021. Anti-Phishing Working Group. https://www.apwg.org/.

3. Drebin: Effective and explainable detection of android malware in your pocket;Arp Daniel;NDSS,2014

4. AT&T. 2021. Open Threat Exchange. https://cybersecurity.att.com/open-threat-exchange. AT&T. 2021. Open Threat Exchange. https://cybersecurity.att.com/open-threat-exchange.

5. Paul N Bennett and Vitor R Carvalho . 2010. Online stratified sampling: evaluating classifiers at web-scale . In 19th ACM CIKM. 1581--1584. Paul N Bennett and Vitor R Carvalho. 2010. Online stratified sampling: evaluating classifiers at web-scale. In 19th ACM CIKM. 1581--1584.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Enable Excel-Based Basic Cybersecurity Features for End Users by Using Python-Excel Integration;Journal of Software Engineering and Applications;2024