URL Threat Detection Using Machine Learning

Malicious URLs are one of the most common ways attackers target an organization. Whether they arrive in phishing emails, through botnets or on fake websites, they often lead to malware that downloads when a user clicks the link. Unlike traditional cybersecurity tools that rely on blacklists and heuristics, URL threat detection leverages machine learning to provide real-time protection against new and evolving threats.

URL Threat Detection: Identifying Hidden Dangers Online

Malicious URLs are becoming more obfuscated and harder to detect with conventional detection methods. As such, cyber threat intelligence (CTI)-based features are required to improve the detection capability of a malicious URL detector. This study introduces a new feature extraction technique that enhances the performance of a CTI-based malicious URL detector by adding lexical and domain reputation features. The model consists of seven phases: data collection, feature preprocessing, feature extraction, feature representation, ensemble learning-based prediction and decision making. Three random forest (RF) prediction models were trained on different feature sets, including a combination of CTI, Google-based CTI and Whois-based features. The probabilistic aggregated outputs of the RF classifiers were used as inputs to an artificial neural network (ANN) classifier to produce an accurate classification.
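To make the lexical part of that feature set concrete, here is an added example (not code from the study or from NetSTAR) that turns a URL string into a feature dictionary a classifier such as the RF models above could consume. The page does not list which lexical features the study uses, so the feature names and choices below are assumptions, and the sample URLs are constructed.

```python
import ipaddress
import math
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample URLs (reserved example domains and a documentation IP range).
SAMPLE_URLS = [
    "https://example.com/docs/index.html",
    "http://192.0.2.10/login.php?user=a&token=b",
    "http://secure-login.example.com.account-verify.example.net/update",
]


def shannon_entropy(text):
    """Bits per character; random-looking hostnames score higher."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def host_is_ip(host):
    """True when the host is a literal IPv4 or IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lexical_features(url):
    """Return features computed from the URL string alone (no network lookups)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    is_ip = host_is_ip(host)
    return {
        "url_length": len(url),
        "host_length": len(host),
        "host_is_ip": is_ip,
        # Naive depth: labels beyond "name.tld"; no public-suffix list is consulted.
        "subdomain_depth": 0 if is_ip else max(host.count(".") - 1, 0),
        "host_hyphens": host.count("-"),
        "host_digit_ratio": sum(c.isdigit() for c in host) / len(host) if host else 0.0,
        "query_params": len(parse_qsl(parts.query, keep_blank_values=True)),
        "uses_https": parts.scheme == "https",
        "host_entropy": shannon_entropy(host),
    }


if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, lexical_features(sample))
```

Domain reputation and Whois-based features need external lookups and are outside this sketch; only the string-derived features are shown.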

The result is a more effective URL threat detection solution that delivers real-time protection against malware, phishing attacks and botnets. When an unsafe URL is detected, users are not taken to the destination site; they instead receive a notification displayed in their browser that lets them decide whether to proceed. NetSTAR’s next-generation inCompass, a cloud security platform, is built on this URL categorization technology and provides OEMs with industry-leading malware URL scanning and threat detection.
