Tribune News Network
Doha
A cyber security team at Hamad Bin Khalifa University (HBKU)’s Qatar Computing Research Institute (QCRI) has designed and patented a technology that not only detect current malicious phishing URLs, but can also predict those that will be malicious in the future.
The Bfore.AI Pre-Crime scanner was developed using QCRI’s licensed malicious URL prediction technology. Based on its capabilities, the scanner was selected by VirusTotal to be one of its trusted scanners. VirusTotal (virustotal.com) is a publicly available cyber security scanning service from Google that allows a user to check if a URL, file, or IP address is malicious or benign.
Malicious URLs are involved in many cyber security attacks - including Distributed Denial of Service (DDoS) attacks - in which web servers can become unusable. They are also a source of phishing, whereby criminals dupe email users to disclose information by posing as reputable entities. These URLs are also used to control botnets, when armies of infected machines without their owners’ knowledge can propagate malware and send spam messages.
By carefully establishing and analyzing associations among URLs, the QCRI team was able to discover a large number of previously unknown malicious URLs. This approach utilizes public data and does not create any privacy concerns. Extensive testing of the approach demonstrated the early detection of malicious URLs. The approach also enables large-scale detection of malicious URLs and is highly efficient and scalable.
Dr. Issa Khalil, Principal Scientist, Cyber Security Group, QCRI, said: "Our technology takes advantage of the hosting infrastructure of malicious URLs to discover strong associations among them, which are then further used to infer unknown malicious URLs from a small set of existing known malicious ones. Instead of relying on local features, our technology mines and utilizes global associations among URLs. For example, we observed that over a period of time, multiple malicious URLs tend to be hosted on the same IPs and multiple IPs tend to host the same malicious URLs, which creates intrinsic associations among them.
"Phishing can have huge consequences for its victims, and we wanted to develop a technology to ensure that the public remains protected from growing cyber crime. The field is fast-evolving and our team wants to stay one step ahead of the game. Prediction and high-quality fast analytical tools are key factors in fighting cyber criminals.”