Abstract
All information and data on the Internet are linked through URLs. Although many people use URLs to share and convey information, a URL that is long or contains special characters is difficult to transmit. A short URL service transforms a long URL into a short one that still leads to the page with the required information. Recently, attackers who want to distribute malicious code have abused short URLs, spreading them through SMS or SNS. Because it is difficult to predict the original URL from a short URL, short URLs are vulnerable to phishing attacks. This study proposes a method that records destination information when a short URL is generated, so that a user can check whether the destination is a web document or a file. The short URL service provider monitors the risk of the target page of each generated short URL and decides whether to provide the service. By monitoring modifications to the web document, it measures and evaluates the risk of the webpage and decides whether to block the short URL according to a threshold, which prevents attacks such as “drive by download” through the short URL.
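The flow the abstract outlines (type-tagged short code, modification monitoring, threshold-based blocking) is sketched below as an added example; it is not the paper's algorithm. The class and function names, the extension list, the risk weights and the 0.5 threshold are all assumptions made for illustration.

```python
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit
# Assumed lists for illustration; the abstract does not enumerate them.
FILE_EXT = re.compile(r"\.(exe|apk|zip|pdf|doc|docx|scr)$", re.I)
ACTIVE_TAG = re.compile(rb"<(?:script|iframe)\b", re.I)
# Constructed sample pages (not real captures).
BASE = b"<html><body>News</body></html>"
EDITED = b"<html><body>News, updated</body></html>"
INJECTED = b"<html><body>News<iframe src='//x.invalid/'></iframe></body></html>"

@dataclass
class Entry:
    target: str
    kind: str        # "d" = web document, "f" = file
    baseline: bytes  # content captured when the short URL was generated
    blocked: bool = False

class Shortener:
    def __init__(self, threshold=0.5):
        self.threshold = threshold
        self.entries = {}

    def create(self, target, body):
        """Issue a short code whose prefix tells the user the destination type."""
        kind = "f" if FILE_EXT.search(urlsplit(target).path) else "d"
        code = f"{kind}-{hashlib.sha256(target.encode()).hexdigest()[:6]}"
        self.entries[code] = Entry(target, kind, body)
        return code

    def risk(self, code, current):
        """Hypothetical score in [0, 1] based on how the target changed."""
        e = self.entries[code]
        if current == e.baseline:
            return 0.0
        if e.kind == "f":
            return 1.0  # a file whose bytes changed is treated as replaced
        added = len(ACTIVE_TAG.findall(current)) - len(ACTIVE_TAG.findall(e.baseline))
        return min(1.0, 0.2 + 0.4 * max(0, added))

    def recheck(self, code, current):
        # Provider-side monitoring pass; blocking is sticky once triggered.
        e = self.entries[code]
        e.blocked = e.blocked or self.risk(code, current) >= self.threshold
        return e.blocked

    def resolve(self, code):
        e = self.entries[code]
        return None if e.blocked else e.target
```

A plain text edit to the monitored page stays under the assumed threshold, while a newly injected iframe or script pushes the score over it and the short URL stops resolving.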
Cite this article
Mun, HJ., Li, Y. Secure Short URL Generation Method that Recognizes Risk of Target URL. Wireless Pers Commun 93, 269–283 (2017). https://doi.org/10.1007/s11277-016-3866-8
DOI: https://doi.org/10.1007/s11277-016-3866-8