A cyber security team at Qatar Computing Research Institute (QCRI) under Hamad Bin Khalifa University (HBKU) designed and patented a technology that not only detects current malicious phishing URLs but can also predict those that will be malicious in the future.
The Bfore.AI Pre-Crime scanner was developed using QCRI’s licensed malicious URL prediction technology. Based on its capabilities, the scanner was selected by VirusTotal to be one of its trusted scanners. VirusTotal is a publicly available cyber security scanning service from Google that allows a user to check if a URL, file or IP address is malicious or benign.
Malicious URLs are involved in many cyber security attacks, including Distributed Denial of Service (DDoS) attacks, in which web servers can become unusable. They are also a source of phishing, where criminals dupe email users into disclosing information by posing as reputable entities. These URLs are also used to control ‘botnets’, armies of machines infected without their owners’ knowledge that can propagate malware and send spam messages.
By carefully establishing and analysing associations among URLs, the QCRI team was able to discover a large number of previously unknown malicious URLs. This approach utilises public data and does not create any privacy concerns. Extensive testing of the approach demonstrated the early detection of malicious URLs. The approach also enables large-scale detection of malicious URLs and is highly efficient and scalable.
According to QCRI Cyber Security Group Principal Scientist Dr Issa Khalil, their technology takes advantage of the hosting infrastructure of malicious URLs to discover strong associations among them, which are then further used to infer unknown malicious URLs from a small set of existing known malicious ones. Instead of relying on local features, the technology mines and utilises global associations among URLs.
“For example, we observed that over a period of time, multiple malicious URLs tend to be hosted on the same IPs and multiple IPs tend to host the same malicious URLs, which creates intrinsic associations among them.”
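The hosting-association idea described above can be sketched as follows; this is an added, simplified illustration and not QCRI's patented method or Bfore.AI's code. The scoring formula, the crowded-IP cutoff and all sample URLs and IPs are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed (URL, hosting IP) observations over one window; not real data.
RECORDS = [
    ("http://phish1.example/", "192.0.2.10"),
    ("http://phish1.example/", "192.0.2.11"),
    ("http://phish1.example/", "203.0.113.80"),
    ("http://phish2.example/", "192.0.2.11"),
    ("http://phish2.example/", "198.51.100.5"),
    ("http://cand-a.example/", "192.0.2.10"),
    ("http://cand-a.example/", "192.0.2.11"),
    ("http://cand-b.example/", "198.51.100.5"),
    ("http://blog.example/", "203.0.113.80"),
    ("http://shop.example/", "203.0.113.80"),
    ("http://forum.example/", "203.0.113.80"),
    ("http://wiki.example/", "203.0.113.80"),
]
SEEDS = {"http://phish1.example/", "http://phish2.example/"}  # known malicious

def hosting_sets(records, max_urls_per_ip):
    """Map each URL to its hosting IPs, ignoring crowded (shared-hosting) IPs."""
    by_ip = defaultdict(set)
    for url, ip in records:
        by_ip[ip].add(url)
    by_url = {url: set() for url, _ in records}
    for ip, urls in by_ip.items():
        if len(urls) <= max_urls_per_ip:  # a crowded IP is weak evidence
            for url in urls:
                by_url[url].add(ip)
    return by_url

def association(ips_a, ips_b):
    """Assumed weight: 0 shared IPs -> 0.0, 1 -> 0.5, 2 -> 0.667, ..."""
    return 1 - 1 / (1 + len(ips_a & ips_b))

def score_unknown(records, seeds, max_urls_per_ip=3):
    """Score each non-seed URL by its combined association with the seeds."""
    by_url = hosting_sets(records, max_urls_per_ip)
    scores = {}
    for url, ips in by_url.items():
        if url in seeds:
            continue
        miss = 1.0  # probability-style "not associated with any seed"
        for seed in seeds:
            miss *= 1 - association(ips, by_url.get(seed, set()))
        scores[url] = round(1 - miss, 3)
    return scores

if __name__ == "__main__":
    for url, s in sorted(score_unknown(RECORDS, SEEDS).items()):
        print(f"{s:.3f}  {url}")
```

Raising `max_urls_per_ip` far enough to admit the crowded shared-hosting IP gives the unrelated blog the same score as a genuine candidate, which is why association-based inference has to discount infrastructure that many unrelated sites share.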
Dr Khalil said that phishing can have huge consequences for its victims and that they wanted to develop a technology to ensure that the public remains protected from cybercrime.
“The field is fast-evolving and our team wants to stay one step ahead of the game. Prediction and high-quality fast analytical tools are key factors in fighting cybercriminals.”
Although the VirusTotal website is free of charge, direct access to the Bfore.AI Pre-Crime scanner requires a paid subscription. The direct access option has premium capabilities that are not available in the free version.
Visit qcri.hbku.edu.qa for more information.