Detecting Malicious URLs Using Machine Learning Techniques: Review and Research Directions

Malak Aljabri; Hanan S. Altamimi; Shahd A. Albelali; Maimunah Al-Harbi; Haya T. Alhuraib; Najd K. Alotaibi; Amal A. Alahmadi; Fahd AlHaidari; Rami Mustafa A. Mohammad; Khaled Salah

doi:10.1109/ACCESS.2022.3222307

Detecting Malicious URLs Using Machine Learning Techniques: Review and Research Directions

Malak Aljabri, Hanan S. Altamimi, Shahd A. Albelali, Maimunah Al-Harbi, Haya T. Alhuraib, Najd K. Alotaibi, Amal A. Alahmadi, Fahd AlHaidari, Rami Mustafa A. Mohammad, Khaled Salah

Electrical Engineering

Research output: Contribution to journal › Article › peer-review

63 Scopus citations

Abstract

In recent years, the digital world has advanced significantly, particularly on the Internet, which is critical given that many of our activities are now conducted online. As a result of attackers' inventive techniques, the risk of a cyberattack is rising rapidly. One of the most critical attacks is the malicious URL intended to extract unsolicited information by mainly tricking inexperienced end users, resulting in compromising the user's system and causing losses of billions of dollars each year. As a result, securing websites is becoming more critical. In this paper, we provide an extensive literature review highlighting the main techniques used to detect malicious URLs that are based on machine learning models, taking into consideration the limitations in the literature, detection technologies, feature types, and the datasets used. Moreover, due to the lack of studies related to malicious Arabic website detection, we highlight the directions of studies in this context. Finally, as a result of the analysis, we conducted on the selected studies, we present challenges that might degrade the quality of malicious URL detectors, along with possible solutions.

Original language	British English
Pages (from-to)	121395-121417
Number of pages	23
Journal	IEEE Access
Volume	10
DOIs	https://doi.org/10.1109/ACCESS.2022.3222307
State	Published - 2022

Keywords

cybersecurity
machine learning
malicious
Phishing
random forest
URL

Access to Document

10.1109/ACCESS.2022.3222307

Cite this

@article{d9c8689ec0ab4bc2bbc1027e39c01d72,

title = "Detecting Malicious URLs Using Machine Learning Techniques: Review and Research Directions",

abstract = "In recent years, the digital world has advanced significantly, particularly on the Internet, which is critical given that many of our activities are now conducted online. As a result of attackers' inventive techniques, the risk of a cyberattack is rising rapidly. One of the most critical attacks is the malicious URL intended to extract unsolicited information by mainly tricking inexperienced end users, resulting in compromising the user's system and causing losses of billions of dollars each year. As a result, securing websites is becoming more critical. In this paper, we provide an extensive literature review highlighting the main techniques used to detect malicious URLs that are based on machine learning models, taking into consideration the limitations in the literature, detection technologies, feature types, and the datasets used. Moreover, due to the lack of studies related to malicious Arabic website detection, we highlight the directions of studies in this context. Finally, as a result of the analysis, we conducted on the selected studies, we present challenges that might degrade the quality of malicious URL detectors, along with possible solutions.",

keywords = "cybersecurity, machine learning, malicious, Phishing, random forest, URL",

author = "Malak Aljabri and Altamimi, {Hanan S.} and Albelali, {Shahd A.} and Maimunah Al-Harbi and Alhuraib, {Haya T.} and Alotaibi, {Najd K.} and Alahmadi, {Amal A.} and Fahd AlHaidari and Mohammad, {Rami Mustafa A.} and Khaled Salah",

note = "Funding Information: This work was supported by SAUDI ARAMCO Cybersecurity Chair at Imam Abdulrahman Bin Faisal University (IAU). Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2022",

doi = "10.1109/ACCESS.2022.3222307",

language = "British English",

volume = "10",

pages = "121395--121417",

journal = "IEEE Access",

issn = "2169-3536",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Detecting Malicious URLs Using Machine Learning Techniques

T2 - Review and Research Directions

AU - Aljabri, Malak

AU - Altamimi, Hanan S.

AU - Albelali, Shahd A.

AU - Al-Harbi, Maimunah

AU - Alhuraib, Haya T.

AU - Alotaibi, Najd K.

AU - Alahmadi, Amal A.

AU - AlHaidari, Fahd

AU - Mohammad, Rami Mustafa A.

AU - Salah, Khaled

PY - 2022

Y1 - 2022

N2 - In recent years, the digital world has advanced significantly, particularly on the Internet, which is critical given that many of our activities are now conducted online. As a result of attackers' inventive techniques, the risk of a cyberattack is rising rapidly. One of the most critical attacks is the malicious URL intended to extract unsolicited information by mainly tricking inexperienced end users, resulting in compromising the user's system and causing losses of billions of dollars each year. As a result, securing websites is becoming more critical. In this paper, we provide an extensive literature review highlighting the main techniques used to detect malicious URLs that are based on machine learning models, taking into consideration the limitations in the literature, detection technologies, feature types, and the datasets used. Moreover, due to the lack of studies related to malicious Arabic website detection, we highlight the directions of studies in this context. Finally, as a result of the analysis, we conducted on the selected studies, we present challenges that might degrade the quality of malicious URL detectors, along with possible solutions.

AB - In recent years, the digital world has advanced significantly, particularly on the Internet, which is critical given that many of our activities are now conducted online. As a result of attackers' inventive techniques, the risk of a cyberattack is rising rapidly. One of the most critical attacks is the malicious URL intended to extract unsolicited information by mainly tricking inexperienced end users, resulting in compromising the user's system and causing losses of billions of dollars each year. As a result, securing websites is becoming more critical. In this paper, we provide an extensive literature review highlighting the main techniques used to detect malicious URLs that are based on machine learning models, taking into consideration the limitations in the literature, detection technologies, feature types, and the datasets used. Moreover, due to the lack of studies related to malicious Arabic website detection, we highlight the directions of studies in this context. Finally, as a result of the analysis, we conducted on the selected studies, we present challenges that might degrade the quality of malicious URL detectors, along with possible solutions.

KW - cybersecurity

KW - machine learning

KW - malicious

KW - Phishing

KW - random forest

KW - URL

UR - http://www.scopus.com/inward/record.url?scp=85142789961&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2022.3222307

DO - 10.1109/ACCESS.2022.3222307

M3 - Article

AN - SCOPUS:85142789961

SN - 2169-3536

VL - 10

SP - 121395

EP - 121417

JO - IEEE Access

JF - IEEE Access

ER -

Detecting Malicious URLs Using Machine Learning Techniques: Review and Research Directions

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this