A Framework for Malicious Uniform Resource Locator and Domain Name Detection.

Abstract

The Domain names and URLs are the building block of the internet but are being misused by cybercriminals to spread malware and launch attacks. The malicious URLs and Domains can provide a macro image of malicious activities. The surge in the number of bots, phishing, and malware spreading malicious domain names and malicious URLs has become a concern for cyberspace currently. Malicious URLs represented 66.07% of the most active method of spreading malware in 2020, as per Kaspersky’s report. More than 100,000 malicious sites are used to take clients’ data consistently and harm the clients’ frameworks consistently around the world. The Domain names on the other hand is also being misused in a variety of ways for launching attacks or to affect internet users. One of the most prominent attacks using DNs is the DDOS attack. The major challenge in cybersecurity is the detection of malicious activities and due to its obfuscated nature; it is often referred to as it’s like looking for a needle in a haystack. Malicious web addresses have accelerated the development of various detection systems and they are an essential point of network security. In this research, a machine learning-based model for the detection of malicious URLs and Domain names is developed that uses lexical and binary features of addresses which were extracted using a custom-built feature extraction algorithm. This model is capable of detecting even a zero-day malicious address.The proposed model in contrast with the state-of-the-art model performed better and achieved an overall accuracy of 96.2%.