Survey on Malicious URL Detection Techniques

Crimes in the cyberspace are increasing day by day. Recent cyber threat defense reports states that 80.7% of the systems are compromised at least once in 2020. Cyber criminals taking the pandemic situation as an opportunity for the mass attack through malicious URL circulated by email or text messages in social media. Performing cyber-attacks through malicious URLs is the handy method for the cyber criminals. Protecting from such attacks requires proper awareness and solid defense system. Some of the common approaches followed by the cybercriminals to deceive the victims are 1. Phishing URLs which is very similar to the legitimate URLs. 2. Redirecting URLs 3. Using JavaScript, redirects to the phishing URL when user interacts with webpage 4. Social engineering etc. As soon as the novice internet users clicks on the malicious URL link, cyber criminals can easily steal personal information or install malware on their device to get additional access. Recently malicious URLs are generated algorithmically and uses URL shortening service to evade the existing security setup such as firewall and web filters. In literature, the researchers have proposed several ways to detect the malicious URLs but, new attack vectors that are introduced by the cyber criminals can easily bypass the security system. The purpose of this paper is to provide an overview of various malicious URL detection techniques which includes blacklist based, rules based, machine learning and deep learning-based techniques. Most importantly, the paper discusses the common features used by the detection system from webpages to classify the URL as malicious or benign and various performance metrics. This will encourage the new researchers to bring out the innovative solutions.