Real-time malicious URL detection

Abstract

Malicious URLs are constantly used for phishing, malware distribution and other illegal activities. Because benign URLs are needed for the Internet to function, malicious URLs are hard to block. While several works have focused on offline classification of malicious URLs, real-time detection still needs to be investigated. This paper evaluates the performance of real-time malicious URL detection using two techniques: blacklist methods and machine learning methods, deployed in both local and cloud environments. The study highlights significant differences in latency and connection failure rates under various load conditions, providing insights into the strengths and limitations of each approach. The blacklist method consistently demonstrates lower latency, making it suitable for scenarios requiring quick response times, though its stability may be compromised under high loads in a local setup. In contrast, the machine learning method offers advanced detection capabilities but exhibits higher latency, particularly in local environments, due to its resource-intensive nature. The cloud environment mitigates some latency issues but still lags behind the blacklist method in terms of speed. The findings emphasize that most latency stems from the verification process, with the local environment requiring significant optimization to reduce delays. The study concludes that implementing a proxy for real-time URL detection is viable, especially in cloud environments, where resource management can better handle increased demand.