Skip to main content
SpringerLink
Log in

Secure Short URL Generation Method that Recognizes Risk of Target URL

  • Published:
Wireless Personal Communications Aims and scope Submit manuscript

Abstract

All the information and data on the Internet are connected based on URL. Although many people use URL to share and convey the information, it is difficult to transmit the information when URL is long and special characters are mixed. Short URL service is a service that transforms long URL with information into short form of URL and conveys the information, which makes it possible to access the page with necessary information. Recently, attackers who want to distribute the malicious code abuse the short URL through SMS or SNS to distribute malicious codes. With the short URL information, as it is difficult to predict the original URL, it has the vulnerability to Phishing attacks. In this study, a method is proposed, which writes the destination information when generating a short URL so that a user is able to check whether the destination is a web document or a file. The service provider of short URL monitors the risk of target URL page of the generated short URL and decides whether to provide service. By monitoring the modification of web-document, it measures and evaluates the risk of the webpage and decides whether to block the short URL according to the threshold, which prevents attacks such as “drive by download” through the short URL.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13

Similar content being viewed by others

References

  1. Yearwood, J. L., Mammadov, M., & Webb, D. (2012). Profiling Phishing activity based on hyperlinks extracted from Phishing emails. Social Network Analysis and Mining, 2(1), 5–16.

    Article  Google Scholar 

  2. Mun, H. J., & Oh, S. (2016). Injecting subject policy into access control for strengthening the protection of personal information. Wireless Personal Communications, 89(3), 715–728.

    Article  Google Scholar 

  3. He, R., Qin, Z., Wang, F., Chang, C., & Qin, X. (2009). Security strategy for mobile police information system using SMS. Wireless Personal Communications, 51(2), 349–364.

    Article  Google Scholar 

  4. Kang, A., Lee, J. D., Kang, W. M., Barolli, L., & Park, J. H. (2014). Security considerations for smart phone Smishing attacks. Advances in Computer Science and its Applications, LNEE, 279, 467–473.

    Article  Google Scholar 

  5. Bitly, Bitly URL shortener and link management platform. https://bitly.com/

  6. Yoon, S., Park, J., Choi, C., & Kim, S. (2013). SHRT: New method of URL shortening including relative word of target URL. The Journal of the Korean Institute of Communication Sciences, 38(6), 473–484.

    Article  Google Scholar 

  7. Maan, P. S., & Sharma, M. (2012). Social engineering: A partial technical attack. International Journal of Computer Science Issues, 9(2–3), 557–559.

    Google Scholar 

  8. Kim, K. J., & Kim, J. (2015). A study on the Markov chain based malicious code threat estimation model. Wireless Personal Communications. doi:10.1007/s11277-015-3018-6.

    Google Scholar 

  9. Lu, H., Zhao, B., Su, J., & Xie, P. (2014). Generating lightweight behavioral signature for malware detection in people-centric sensing. Wireless Personal Communications, 75(3), 1591–1609.

    Article  Google Scholar 

  10. Seifert, C., Steenson, R., Holz, T., Yuan, B., & Davis, M. A. (2007). Know your enemy: Malicious web servers. The Honeynet Project. http://www.honeynet.org/papers/mws/

  11. Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., & King, S. (2006). Automated web patrol with strider HoneyMonkeys: Finding web sites that exploit browser vulnerabilities. In Proceedings of Network and Distributed Systems Security Symposium (pp. 35–49).

  12. Klien, F., & Strohmaier, M. (2012). Short links under attack: Geographical analysis of spam in a URL shortener network. In Proceedings of the 23rd ACM conference on Hypertext and social media (pp. 83–88). doi:10.1145/2309996.2310010

  13. Mun, H.-J. (2015). Polling method based on weight table for efficient monitoring. Journal of the Convergence Society for SMB, 5(4), 5–10.

    Google Scholar 

  14. Google, Google URL shortnener. https://goo.gl

  15. UNPLAY, Free shortener service. http://muz.so

  16. Le, V. L., Welch, I., Gao X., & Komisarczuk, P. (2013). Anatomy of drive-by download attack. In Proceedings of the Eleventh Australasian Information Security Conference (AISC 2013) (Vol. 138, pp. 49–58).

  17. JooHyung, O., Im, C., & Jeong, H. (2010). Technical trends and response methods of drive-by download. Communications of the Korean Institute of Information Scientists and Engineers, 28(11), 112–116.

    Google Scholar 

  18. Cova, M., Kruegel, C., & Vigna, G. (2010). Detection and analysis of Drive-by-download Attacks and malicious JavaScript code. In Proceedings of the 19th International Conference on World Wide Web (pp. 281–290).

  19. Egele, M., Wurzinger, P., Kruegel, C., & Kirda, E. (2009). Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment, LNCS5587 (pp. 88–106).

  20. Egele, M., Wurzinger, P., Kruegel, C., & Kirda, E. (2009). Defending browsers against drive-by downloads: Mitigating heap-spraying code injection attacks. In Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment’, DIMVA’09 (pp. 88–106). Berlin: Springer-Verlag.

  21. Park, C., Chung, H., Seo, K., & Lee, S. (2012). Research on the classification model of similarity malware using fuzzy hash. Journal of the Korea Institute of Information Security and Cryptology, 22(6), 1325–1336.

    Google Scholar 

  22. Alyac blog, Case study of malicious code with false résumé document file. http://blog.alyac.co.kr/242

  23. Sohn, Y.-s., Nam, K.-h., & Goh, S.-c. (2013). On the administrative security approaches against spear Phishing attacks. The Korea Institute of Information and Communication Engineering, 17(12), 253–2762.

    Google Scholar 

  24. VIRUSTOTAL, http://www.virustotal.com

  25. Shin, H., & Moon, J.-S. (2011). A study on minimizing infection of web-based malware through distributed and dynamic detection method of malicious websites. Journal of the Korea Institute of Information Security and Cryptology, 21(3), 89–100.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Division of Information and Communication, Baekseok University, Cheonan, 31065, Korea

    Hyung-Jin Mun

  2. Department of Computer Science and Technology, Yanbian University, Yanji, 133002, China

    Yongzhen Li

Authors
  1. Hyung-Jin Mun
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yongzhen Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yongzhen Li.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mun, HJ., Li, Y. Secure Short URL Generation Method that Recognizes Risk of Target URL. Wireless Pers Commun 93, 269–283 (2017). https://doi.org/10.1007/s11277-016-3866-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11277-016-3866-8

Keywords

Search

Navigation