WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream
Twitter is prone to malicious tweets containing URLs for spar, phishing, and malware distribution. Conventional Twitter spar detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detectio...
Gespeichert in:
| Veröffentlicht in: | IEEE transactions on dependable and secure computing 2013-05, Vol.10 (3), p.183-195 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 195 |
|---|---|
| container_issue | 3 |
| container_start_page | 183 |
| container_title | IEEE transactions on dependable and secure computing |
| container_volume | 10 |
| creator | Lee, Sangho Kim, Jong |
| description | Twitter is prone to malicious tweets containing URLs for spar, phishing, and malware distribution. Conventional Twitter spar detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTIUIL content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. in this paper, we propose WARNINGBIRD, a suspicious URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that our classifier accurately and efficiently detects suspicious URLs. We also present WARNINGBIRD as a near real-time system for classifying suspicious URLs in the Twitter stream. |
| doi_str_mv | 10.1109/TDSC.2013.3 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_RIE</sourceid><recordid>TN_cdi_proquest_journals_1366053535</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>6409356</ieee_id><sourcerecordid>2991961991</sourcerecordid><originalsourceid>FETCH-LOGICAL-c244t-9d351ed852142ac2b1a2ba0a239bd7849662d52e8127467c5c604b82e2d697503</originalsourceid><addsrcrecordid>eNpd0EtLw0AQB_BFFKzVk0cvC14ESd13st5q6wuKQpviMWySqWzJo-5ukH57EyoeZA4zMD-G4Y_QJSUTSom-S-er2YQRyif8CI2oFjQihCbH_SyFjKSO6Sk6835LCBOJFiOUfhjX2ObzwbryHk_xGxiHl2CqKLU14DkEKIJtG7za-wA13rQOrzq_s4VtO4_Xy4XHtsHptw0B-lVwYOpzdLIxlYeL3z5G66fHdPYSLd6fX2fTRVQwIUKkSy4plIlkVDBTsJwalhtiGNd5GSdCK8VKySChLBYqLmShiMgTBqxUOpaEj9HN4e7OtV8d-JDV1hdQVaaB_ruMciWJVDQWPb3-R7dt55r-u0EpIvlQY3R7UIVrvXewyXbO1sbtM0qyIeFsSDgbEs54r68O2gLAn1SCaC4V_wHWb3P8</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1366053535</pqid></control><display><type>article</type><title>WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream</title><source>IEEE Electronic Library (IEL)</source><creator>Lee, Sangho ; Kim, Jong</creator><creatorcontrib>Lee, Sangho ; Kim, Jong</creatorcontrib><description>Twitter is prone to malicious tweets containing URLs for spar, phishing, and malware distribution. Conventional Twitter spar detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTIUIL content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. in this paper, we propose WARNINGBIRD, a suspicious URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that our classifier accurately and efficiently detects suspicious URLs. We also present WARNINGBIRD as a near real-time system for classifying suspicious URLs in the Twitter stream.</description><identifier>ISSN: 1545-5971</identifier><identifier>EISSN: 1941-0018</identifier><identifier>DOI: 10.1109/TDSC.2013.3</identifier><identifier>CODEN: ITDSCM</identifier><language>eng</language><publisher>Washington: IEEE</publisher><subject>Browsers ; classification ; Classifiers ; conditional redirection ; Construction ; Correlation ; Correlation analysis ; Crawlers ; Dynamical systems ; Dynamics ; Feature extraction ; Intrusion detection systems ; IP networks ; Network security ; Real time ; Servers ; Social networks ; Spamming ; Streams ; Studies ; Suspicious URL ; Text messaging ; Training ; Twitter ; URL redirection ; URLs</subject><ispartof>IEEE transactions on dependable and secure computing, 2013-05, Vol.10 (3), p.183-195</ispartof><rights>Copyright IEEE Computer Society May/Jun 2013</rights><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c244t-9d351ed852142ac2b1a2ba0a239bd7849662d52e8127467c5c604b82e2d697503</citedby><cites>FETCH-LOGICAL-c244t-9d351ed852142ac2b1a2ba0a239bd7849662d52e8127467c5c604b82e2d697503</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/6409356$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,792,27901,27902,54733</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/6409356$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Lee, Sangho</creatorcontrib><creatorcontrib>Kim, Jong</creatorcontrib><title>WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream</title><title>IEEE transactions on dependable and secure computing</title><addtitle>TDSC</addtitle><description>Twitter is prone to malicious tweets containing URLs for spar, phishing, and malware distribution. Conventional Twitter spar detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTIUIL content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. in this paper, we propose WARNINGBIRD, a suspicious URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that our classifier accurately and efficiently detects suspicious URLs. We also present WARNINGBIRD as a near real-time system for classifying suspicious URLs in the Twitter stream.</description><subject>Browsers</subject><subject>classification</subject><subject>Classifiers</subject><subject>conditional redirection</subject><subject>Construction</subject><subject>Correlation</subject><subject>Correlation analysis</subject><subject>Crawlers</subject><subject>Dynamical systems</subject><subject>Dynamics</subject><subject>Feature extraction</subject><subject>Intrusion detection systems</subject><subject>IP networks</subject><subject>Network security</subject><subject>Real time</subject><subject>Servers</subject><subject>Social networks</subject><subject>Spamming</subject><subject>Streams</subject><subject>Studies</subject><subject>Suspicious URL</subject><subject>Text messaging</subject><subject>Training</subject><subject>Twitter</subject><subject>URL redirection</subject><subject>URLs</subject><issn>1545-5971</issn><issn>1941-0018</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2013</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNpd0EtLw0AQB_BFFKzVk0cvC14ESd13st5q6wuKQpviMWySqWzJo-5ukH57EyoeZA4zMD-G4Y_QJSUTSom-S-er2YQRyif8CI2oFjQihCbH_SyFjKSO6Sk6835LCBOJFiOUfhjX2ObzwbryHk_xGxiHl2CqKLU14DkEKIJtG7za-wA13rQOrzq_s4VtO4_Xy4XHtsHptw0B-lVwYOpzdLIxlYeL3z5G66fHdPYSLd6fX2fTRVQwIUKkSy4plIlkVDBTsJwalhtiGNd5GSdCK8VKySChLBYqLmShiMgTBqxUOpaEj9HN4e7OtV8d-JDV1hdQVaaB_ruMciWJVDQWPb3-R7dt55r-u0EpIvlQY3R7UIVrvXewyXbO1sbtM0qyIeFsSDgbEs54r68O2gLAn1SCaC4V_wHWb3P8</recordid><startdate>201305</startdate><enddate>201305</enddate><creator>Lee, Sangho</creator><creator>Kim, Jong</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>F28</scope><scope>FR3</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>201305</creationdate><title>WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream</title><author>Lee, Sangho ; Kim, Jong</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c244t-9d351ed852142ac2b1a2ba0a239bd7849662d52e8127467c5c604b82e2d697503</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2013</creationdate><topic>Browsers</topic><topic>classification</topic><topic>Classifiers</topic><topic>conditional redirection</topic><topic>Construction</topic><topic>Correlation</topic><topic>Correlation analysis</topic><topic>Crawlers</topic><topic>Dynamical systems</topic><topic>Dynamics</topic><topic>Feature extraction</topic><topic>Intrusion detection systems</topic><topic>IP networks</topic><topic>Network security</topic><topic>Real time</topic><topic>Servers</topic><topic>Social networks</topic><topic>Spamming</topic><topic>Streams</topic><topic>Studies</topic><topic>Suspicious URL</topic><topic>Text messaging</topic><topic>Training</topic><topic>Twitter</topic><topic>URL redirection</topic><topic>URLs</topic><toplevel>online_resources</toplevel><creatorcontrib>Lee, Sangho</creatorcontrib><creatorcontrib>Kim, Jong</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ANTE: Abstracts in New Technology & Engineering</collection><collection>Engineering Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on dependable and secure computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Lee, Sangho</au><au>Kim, Jong</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream</atitle><jtitle>IEEE transactions on dependable and secure computing</jtitle><stitle>TDSC</stitle><date>2013-05</date><risdate>2013</risdate><volume>10</volume><issue>3</issue><spage>183</spage><epage>195</epage><pages>183-195</pages><issn>1545-5971</issn><eissn>1941-0018</eissn><coden>ITDSCM</coden><abstract>Twitter is prone to malicious tweets containing URLs for spar, phishing, and malware distribution. Conventional Twitter spar detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTIUIL content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. in this paper, we propose WARNINGBIRD, a suspicious URL detection system for Twitter. Our system investigates correlations of URL redirect chains extracted from several tweets. Because attackers have limited resources and usually reuse them, their URL redirect chains frequently share the same URLs. We develop methods to discover correlated URL redirect chains using the frequently shared URLs and to determine their suspiciousness. We collect numerous tweets from the Twitter public timeline and build a statistical classifier using them. Evaluation results show that our classifier accurately and efficiently detects suspicious URLs. We also present WARNINGBIRD as a near real-time system for classifying suspicious URLs in the Twitter stream.</abstract><cop>Washington</cop><pub>IEEE</pub><doi>10.1109/TDSC.2013.3</doi><tpages>13</tpages></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | ISSN: 1545-5971 |
| ispartof | IEEE transactions on dependable and secure computing, 2013-05, Vol.10 (3), p.183-195 |
| issn | 1545-5971 1941-0018 |
| language | eng |
| recordid | cdi_proquest_journals_1366053535 |
| source | IEEE Electronic Library (IEL) |
| subjects | Browsers classification Classifiers conditional redirection Construction Correlation Correlation analysis Crawlers Dynamical systems Dynamics Feature extraction Intrusion detection systems IP networks Network security Real time Servers Social networks Spamming Streams Studies Suspicious URL Text messaging Training URL redirection URLs |
| title | WarningBird: A Near Real-Time Detection System for Suspicious URLs in Twitter Stream |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-02T10%3A48%3A06IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=WarningBird:%20A%20Near%20Real-Time%20Detection%20System%20for%20Suspicious%20URLs%20in%20Twitter%20Stream&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Lee,%20Sangho&rft.date=2013-05&rft.volume=10&rft.issue=3&rft.spage=183&rft.epage=195&rft.pages=183-195&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2013.3&rft_dat=%3Cproquest_RIE%3E2991961991%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1366053535&rft_id=info:pmid/&rft_ieee_id=6409356&rfr_iscdi=true |