nach oben

Wireless Personal Communications

Erschienen in:

24.12.2016

Secure Short URL Generation Method that Recognizes Risk of Target URL

verfasst von: Hyung-Jin Mun, Yongzhen Li

Erschienen in: Wireless Personal Communications | Ausgabe 1/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

All the information and data on the Internet are connected based on URL. Although many people use URL to share and convey the information, it is difficult to transmit the information when URL is long and special characters are mixed. Short URL service is a service that transforms long URL with information into short form of URL and conveys the information, which makes it possible to access the page with necessary information. Recently, attackers who want to distribute the malicious code abuse the short URL through SMS or SNS to distribute malicious codes. With the short URL information, as it is difficult to predict the original URL, it has the vulnerability to Phishing attacks. In this study, a method is proposed, which writes the destination information when generating a short URL so that a user is able to check whether the destination is a web document or a file. The service provider of short URL monitors the risk of target URL page of the generated short URL and decides whether to provide service. By monitoring the modification of web-document, it measures and evaluates the risk of the webpage and decides whether to block the short URL according to the threshold, which prevents attacks such as “drive by download” through the short URL.

Vorheriger Artikel Depression Index Service Using Knowledge Based Crowdsourcing in Smart Health

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Yearwood, J. L., Mammadov, M., & Webb, D. (2012). Profiling Phishing activity based on hyperlinks extracted from Phishing emails. Social Network Analysis and Mining, 2(1), 5–16.CrossRef

Mun, H. J., & Oh, S. (2016). Injecting subject policy into access control for strengthening the protection of personal information. Wireless Personal Communications, 89(3), 715–728.CrossRef

He, R., Qin, Z., Wang, F., Chang, C., & Qin, X. (2009). Security strategy for mobile police information system using SMS. Wireless Personal Communications, 51(2), 349–364.CrossRef

Kang, A., Lee, J. D., Kang, W. M., Barolli, L., & Park, J. H. (2014). Security considerations for smart phone Smishing attacks. Advances in Computer Science and its Applications, LNEE, 279, 467–473.CrossRef

Bitly, Bitly URL shortener and link management platform. https://bitly.com/

Yoon, S., Park, J., Choi, C., & Kim, S. (2013). SHRT: New method of URL shortening including relative word of target URL. The Journal of the Korean Institute of Communication Sciences, 38(6), 473–484.CrossRef

Maan, P. S., & Sharma, M. (2012). Social engineering: A partial technical attack. International Journal of Computer Science Issues, 9(2–3), 557–559.

Kim, K. J., & Kim, J. (2015). A study on the Markov chain based malicious code threat estimation model. Wireless Personal Communications. doi:10.1007/s11277-015-3018-6.

Lu, H., Zhao, B., Su, J., & Xie, P. (2014). Generating lightweight behavioral signature for malware detection in people-centric sensing. Wireless Personal Communications, 75(3), 1591–1609.CrossRef

10.

Seifert, C., Steenson, R., Holz, T., Yuan, B., & Davis, M. A. (2007). Know your enemy: Malicious web servers. The Honeynet Project. http://www.honeynet.org/papers/mws/

11.

Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., & King, S. (2006). Automated web patrol with strider HoneyMonkeys: Finding web sites that exploit browser vulnerabilities. In Proceedings of Network and Distributed Systems Security Symposium (pp. 35–49).

12.

Klien, F., & Strohmaier, M. (2012). Short links under attack: Geographical analysis of spam in a URL shortener network. In Proceedings of the 23rd ACM conference on Hypertext and social media (pp. 83–88). doi:10.1145/2309996.2310010

13.

Mun, H.-J. (2015). Polling method based on weight table for efficient monitoring. Journal of the Convergence Society for SMB, 5(4), 5–10.

14.

Google, Google URL shortnener. https://goo.gl

15.

UNPLAY, Free shortener service. http://muz.so

16.

Le, V. L., Welch, I., Gao X., & Komisarczuk, P. (2013). Anatomy of drive-by download attack. In Proceedings of the Eleventh Australasian Information Security Conference (AISC 2013) (Vol. 138, pp. 49–58).

17.

JooHyung, O., Im, C., & Jeong, H. (2010). Technical trends and response methods of drive-by download. Communications of the Korean Institute of Information Scientists and Engineers, 28(11), 112–116.

18.

Cova, M., Kruegel, C., & Vigna, G. (2010). Detection and analysis of Drive-by-download Attacks and malicious JavaScript code. In Proceedings of the 19th International Conference on World Wide Web (pp. 281–290).

19.

Egele, M., Wurzinger, P., Kruegel, C., & Kirda, E. (2009). Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment, LNCS5587 (pp. 88–106).

20.

Egele, M., Wurzinger, P., Kruegel, C., & Kirda, E. (2009). Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment’, DIMVA’09 (pp. 88–106). Berlin: Springer-Verlag.

21.

Park, C., Chung, H., Seo, K., & Lee, S. (2012). Research on the classification model of similarity malware using fuzzy hash. Journal of the Korea Institute of Information Security and Cryptology, 22(6), 1325–1336.

22.

Alyac blog, Case study of malicious code with false résumé document file. http://blog.alyac.co.kr/242

23.

Sohn, Y.-s., Nam, K.-h., & Goh, S.-c. (2013). On the administrative security approaches against spear Phishing attacks. The Korea Institute of Information and Communication Engineering, 17(12), 253–2762.

24.

VIRUSTOTAL, http://www.virustotal.com

25.

Shin, H., & Moon, J.-S. (2011). A study on minimizing infection of web-based malware through distributed and dynamic detection method of malicious websites. Journal of the Korea Institute of Information Security and Cryptology, 21(3), 89–100.

Titel: Secure Short URL Generation Method that Recognizes Risk of Target URL
verfasst von: Hyung-Jin Mun
Yongzhen Li
Publikationsdatum: 24.12.2016
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 1/2017
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3866-8

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Die Gewinner und Laudatoren des Sustainability Award in Automotive 2024/© Uli Regenscheit | ATZlive, Search Icon, Banner Hanser, Suresh Vittal/© Alteryx, Additiv gefertigte Teile/© Marina_Skoropadskaya | Getty Images | iStock, Warnschild "Land unter"/© Bluedesign / Fotolia, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade, chassis.tech plus 2023/© [M] ATZlive / TÜV SÜD PRODUCT SERVICE GMBH, adäsion-Webinar-Matinee/© krystiannawrocki_ Getty Images

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 1/2017

Puzzle Based Algorithm Learning for Cultivating Computational Thinking

An Efficient Access Reduction Scheme of Big Data Based on Total Probability Theory

A Secure and Efficient V2V Authentication Method in Heavy Traffic Environment

Flocking in Interpretation with Visual Art Design Principles

Data Transmission and Network Architecture in Long Range Low Power Sensor Networks for IoT

Density and Frequency-Aware Cluster Identification for Spatio-Temporal Sequence Data

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.