This is the code repository for the USENIX Security 2021 paper "Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs".

Given a malicious URL, this work addresses two questions:

- Can we identify if it is hosted on a public or private apex?
- Can we identify if it is a compromised website or an attacker-owned website?

The repository contains the two key classifiers we built:

- Public-Private Classifier
- Compromised-Attacker Owned Classifier

@inproceedings {desilva21,
title = {Compromised or Attacker-Owned: A Large Scale Classification and Study of Hosting Domains of Malicious URLs},
author = {Ravindu De Silva and Mohamed Nabeel and Charitha Elvitigala and Issa Khalil and Ting Yu and Chamath Keppitiyagama},
booktitle = {30th {USENIX} Security Symposium ({USENIX} Security 21)},
year = {2021},
url = {https://www.usenix.org/conference/usenixsecurity21/presentation/desilva},
publisher = {{USENIX} Association},
month = aug,
}