Malicious URL, a.k.a. malicious website, is a common and serious threat to cybersecurity. Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting users to become victims of scams (monetary loss, theft of private information, and malware installation), and cause losses of billions of dollars every year. It is imperative to detect and act on such th...

The microblogging service Twitter has become one of the most popular sources of real time information. Every second, hundreds of URLs are posted on Twitter. Due to the maximum tweet length of 140 characters, these URLs are in most cases a shortened version of the original URLs. In contrast to the original URLS, which usually provide some hints on the destination Web site and the specific page, ...

Malicious website attacks, including phishing, malware, and drive-by downloads have become a huge security threat to today’s Internet. Various studies have been conducted to explore approaches to prevent users from being attacked by malicious websites. However, no studies to date exist on the prevalence of and temporal characteristics of such traffic. In this paper, we developed the PhishLive s...

Imbalanced class has been a common problem encountered in the modeling process, and attracted more attention from scholars. Biased classifiers, which limit classifiers' performance for minority classes, will be produced if imbalanced ratio between number of positive labels negative is ignored. The synthetic over-sampling technique (SMOTE) very classic popular method, widely used to address this...

The popularity of Twitter for information discovery, coupled with the automatic shortening of URLs to save space, given the 140 character limit, provides cyber criminals with an opportunity to obfuscate the URL of a malicious Web page within a tweet. Once the URL is obfuscated the cyber criminal can lure a user to click on it with enticing text and images before carrying out a cyber attack usin...

Malicious Web sites largely promote the growth of Internet criminal activities and constrain the development of Web services. As a result, there has been strong motivation to develop systemic solution to stopping the user from visiting such Web sites. In this paper, we propose a learning based approach to classifying Web sites into 3 classes: benign, phishing, and malware. Our mechanism only an...

The popularity of instant messaging (IM) services has recently attracted the interest of attackers that try to send malicious URLs or files to the contact lists of compromised instant messaging accounts or clients. This work focuses on a systematic characterization of IM threats based on the information collected by HoneyBuddy, a honeypot-like infrastructure for detecting malicious activities i...