The goal of our research is to identify malicious advertisement URLs and to apply adversarial attack on ensembles. We extract lexical and web-scrapped features from using python code. And then 4 machine learning algorithms are applied for the classification process and then used the K-Means clustering for the visual understanding. We check the vulnerability of the models by the adversarial examples. We applied Zeroth Order Optimization adversarial attack on the models and compute the attack accuracy.

Summary of previous works on malicious URL detection.

The performance of the proposed ensemble classifier in classifying four classes of malicious URLs for testing data.

Dataset for Detecting Phishing URLs

This dataset contains URLs labeled as 'Safe' (0) or 'Not Safe' (1) for phishing detection tasks.

  Dataset Summary

This dataset contains URLs labeled for phishing detection tasks. It's designed to help train and evaluate models that can identify potentially malicious URLs.

  Dataset Creation

The dataset was synthetically generated using a custom script that creates both legitimate and potentially phishing URLs. This approach… See the full description on the dataset page: https://huggingface.co/datasets/darshan8950/phishing_url_classification.

The dataset contains DNS records, IP-related features, WHOIS/RDAP information, information from TLS handshakes and certificates, and GeoIP information for 368,956 benign domains from Cisco Umbrella, 461,338 benign domains from the actual CESNET network traffic, 164,425 phishing domains from PhishTank and OpenPhish services, and 100,809 malware domains from various sources like ThreatFox, The Firebog, MISP threat intelligence platform, and other sources. The ground truth for the phishing dataset was double-check with the VirusTotal (VT) service. Domain names not considered malicious by VT have been removed from phishing and malware datasets. Similarly, benign domain names that were considered risky by VT have been removed from the benign datasets. The data was collected between March 2023 and July 2024. The final assessment of the data was conducted in August 2024.

The dataset is useful for cybersecurity research, e.g. statistical analysis of domain data or feature extraction for training machine learning-based classifiers, e.g. for phishing and malware website detection.

Data Files

• The data is located in the following individual files:

  • benign_umbrella.json - data for 368,956 benign domains from Cisco Umbrella,
  • benign_cesnet.json - data for 461,338 benign domains from the CESNET network,
  • phishing.json - data for 164,425 phishing domains, and
  • malware.json - data for 100,809 malware domains.

Data Structure

Dataset

This dataset was created by Zihan ZHAO_qq

Released under Apache 2.0

Contents

The Web has long become a major platform for online criminal activities. URLs are used as the main vehicle in this domain. To counter this issues security community focused its efforts on developing techniques for mostly blacklisting of malicious URLs.

In the second half of 2021, websites regarding manufacturing were the most common websites to be targeted by malicious URL redirections, with ** percent of detected cases being found on these sites. Although manufacturing websites have been a common target for malware attacks before, finds on these sites have largely increased compared to the first half of the year, which recorded around ** percent of cases redirecting through that industry.

Dataset

This dataset was created by kianindeed

Released under MIT

Contents

Web applications are important for various online businesses and operations because of their platform stability and low operation cost. The increasing usage of Internet-of-Things (IoT) devices within a network has contributed to the rise of network intrusion issues due to malicious Uniform Resource Locators (URLs). Generally, malicious URLs are initiated to promote scams, attacks, and frauds which can lead to high-risk intrusion. Several methods have been developed to detect malicious URLs in previous works. There has been a good amount of work done to detect malicious URLs using various methods such as random forest, regression, LightGBM, and more as reported in the literature. However, most of the previous works focused on the binary classification of malicious URLs and are tested on limited URL datasets. Nevertheless, the detection of malicious URLs remains a challenging task that remains open to research. Hence, this work proposed a stacking-based ensemble classifier to perform multi-class classification of malicious URLs on larger URL datasets to justify the robustness of the proposed method. This study focuses on obtaining lexical features directly from the URL to identify malicious websites. Then, the proposed stacking-based ensemble classifier is developed by integrating Random Forest, XGBoost, LightGBM, and CatBoost. In addition, hyperparameter tuning was performed using the Randomized Search method to optimize the proposed classifier. The proposed stacking-based ensemble classifier aims to take advantage of the performance of each machine learning model and aggregate the output to improve prediction accuracy. The classification accuracies of the machine learning model when applied individually are 93.6%, 95.2%, 95.7% and 94.8% for random forest, XGBoost, LightGBM, and CatBoost respectively. The proposed stacking-based ensemble classifier has shown significant results in classifying four classes of malicious URLs (phishing, malware, defacement, and benign) with an average accuracy of 96.8% when benchmarked with previous works.

One important topic to work is to create a good set of malicious web characteristics

Dataset

This dataset was created by Shreeshail Chavan

Contents

Web applications are important for various online businesses and operations because of their platform stability and low operation cost. The increasing usage of Internet-of-Things (IoT) devices within a network has contributed to the rise of network intrusion issues due to malicious Uniform Resource Locators (URLs). Generally, malicious URLs are initiated to promote scams, attacks, and frauds which can lead to high-risk intrusion. Several methods have been developed to detect malicious URLs in previous works. There has been a good amount of work done to detect malicious URLs using various methods such as random forest, regression, LightGBM, and more as reported in the literature. However, most of the previous works focused on the binary classification of malicious URLs and are tested on limited URL datasets. Nevertheless, the detection of malicious URLs remains a challenging task that remains open to research. Hence, this work proposed a stacking-based ensemble classifier to perform multi-class classification of malicious URLs on larger URL datasets to justify the robustness of the proposed method. This study focuses on obtaining lexical features directly from the URL to identify malicious websites. Then, the proposed stacking-based ensemble classifier is developed by integrating Random Forest, XGBoost, LightGBM, and CatBoost. In addition, hyperparameter tuning was performed using the Randomized Search method to optimize the proposed classifier. The proposed stacking-based ensemble classifier aims to take advantage of the performance of each machine learning model and aggregate the output to improve prediction accuracy. The classification accuracies of the machine learning model when applied individually are 93.6%, 95.2%, 95.7% and 94.8% for random forest, XGBoost, LightGBM, and CatBoost respectively. The proposed stacking-based ensemble classifier has shown significant results in classifying four classes of malicious URLs (phishing, malware, defacement, and benign) with an average accuracy of 96.8% when benchmarked with previous works.

Dataset

This dataset was created by SethMDoty

Contents

An October 2023 phishing simulation carried out at worldwide organizations found that *** percent of employees submitted passwords in the form embedded in the malicious webpage. On the other hand, *** percent of them clicked only the link, and **** percent did not click the link.

As of September 2023, over 500 gambling websites were detected and settled by the Thailand Computer Emergency Response Team (ThaiCERT) in Thailand. In contrast, only 12 malware websites were detected in that year. ThaiCERT is an internal department of the National Cyber Security Agency (NCSA) tasked with monitoring cyber threats in the country.

The 22 lexical features were extracted using the feature engineering approach.

PhishingURLDataset

This dataset is created for being used for neural network training, on phishing website detection. It has been generated using this raw template.

  Dataset Details

This dataset contains phishing websites, which are labeled with "1" and are called "malignant", and benign websites, which are labeled with "0".

  Dataset Sources

Kaggle Dataset on Phishing URLs: https://www.kaggle.com/datasets/siddharthkumar25/malicious-and-benign-urls USOM Phishing… See the full description on the dataset page: https://huggingface.co/datasets/semihGuner2002/PhishingURLsDataset.

Dataset Creation The Multi-version dataset contains in total 700 QR codes related to 7 different versions. Each version consists of 100 QR codes (50 Benign and 50 Malicious).

The creation was done by using 100 unique URLs that a subset of a Balanced Dataset can be found here: https://www.kaggle.com/datasets/samahsadiq/benign-and-malicious-urls

For each version, two loops in Python were written to create 50 benign and 50 malicious QR codes. Each QR code's path indicates the QR code class type, version, and the id of the encoded URL within the mentioned balanced dataset of URLs.

NOTE: Keep in mind that malicious QR codes are encoded a REAL malicious URLs, it is not recommended to scan them manually and visiting their encoded websites. For more informations about the encoded URLs, please refer to the mentioned dataset above in Kaggle.

The global market for suspicious file and URL analysis is experiencing robust growth, projected to reach $88 million in 2025 and maintain a Compound Annual Growth Rate (CAGR) of 6.4% from 2025 to 2033. This expansion is driven by the escalating sophistication of cyber threats, the increasing reliance on digital infrastructure across various sectors, and the growing need for proactive security measures to mitigate risks associated with malicious files and URLs. The market's segmentation reveals a strong preference for cloud-based solutions, offering scalability and accessibility to organizations of all sizes. Large enterprises are the primary consumers, reflecting their higher vulnerability to advanced cyberattacks and their greater capacity for investment in robust security solutions. However, the market is also seeing significant adoption among SMEs, driven by the increasing affordability and ease of use of cloud-based solutions and a rising awareness of the risks associated with malicious online content. Several factors contribute to market growth. The development and proliferation of advanced malware necessitates continuous improvement in threat detection and analysis capabilities. Furthermore, the expanding attack surface due to remote work and the increasing use of IoT devices are contributing to a heightened demand for effective file and URL analysis tools. Regulatory compliance requirements, particularly within sensitive industries like finance and healthcare, further incentivize organizations to invest in these solutions. Conversely, challenges such as the emergence of obfuscated malware, the high cost of advanced solutions, and the need for specialized expertise pose some restraints to broader market penetration. The competitive landscape is diverse, with established cybersecurity players and innovative startups offering a range of solutions catering to specific needs and budgets. This competitive pressure is ultimately beneficial for consumers, driving innovation and fostering a more efficient and effective market for suspicious file and URL analysis.