Overview of the project:
In this research project, we aim to develop a framework called Automatic Blacklist Generator (AutoBLG) that systematically identifies new malicious URLs from a given existing URL blacklist. The key idea of AutoBLG is to expand the search space of web pages while reducing the number of URLs to be analyzed, applying several pre-filters to accelerate the process of generating blacklists. AutoBLG comprises three primary primitives: URL expansion, URL filtration, and URL verification. Through extensive analysis using a high-performance web client honeypot, we demonstrated that AutoBLG can successfully extract new and previously unknown drive-by-download URLs.

Publications:

  • B. Sun, M. Akiyama, T. Yagi, M. Hatada, and T. Mori, “AutoBLG: Automatic URL Blacklist Generator Using Search Space Expansion and Filters,” Proceedings of the Twentieth IEEE Symposium on Computers and Communication (ISCC 2015), pp. 205–211, Jul. 2015. [PDF][slide][bibtex][Xplore] (Note: the paper PDF is the accepted version, not the final published version; see the IEEE website.)