{"id":"https://openalex.org/W3022221092","doi":"https://doi.org/10.1109/cns48642.2020.9162304","title":"REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic","display_name":"REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic","publication_year":2020,"publication_date":"2020-06-01","ids":{"openalex":"https://openalex.org/W3022221092","doi":"https://doi.org/10.1109/cns48642.2020.9162304","mag":"3022221092"},"language":"en","primary_location":{"id":"doi:10.1109/cns48642.2020.9162304","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns48642.2020.9162304","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://pureadmin.qub.ac.uk/ws/files/204370617/REdiREKT_Extracting_Malicious_Redirections_from_Exploit_Kit_Traffic.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072987802","display_name":"Jonah Burgess","orcid":"https://orcid.org/0000-0003-4378-483X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Jonah Burgess","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen\u2019s University, Belfast, Northern Ireland","Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen\u2019s University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080315320","display_name":"Domhnall Carlin","orcid":"https://orcid.org/0000-0002-8424-2757"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Domhnall Carlin","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen\u2019s University, Belfast, Northern Ireland","Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen\u2019s University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017537630","display_name":"Philip O\u2019Kane","orcid":"https://orcid.org/0000-0002-7792-336X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Philip O'Kane","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5103745938","display_name":"Sakir Sezer","orcid":null},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sakir Sezer","raw_affiliation_strings":["Centre for Secure Information Technologies, Queen\u2019s University, Belfast, Northern Ireland","Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen\u2019s University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies, Queen's University, Belfast, Northern Ireland","institution_ids":["https://openalex.org/I126231945"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5072987802"],"corresponding_institution_ids":["https://openalex.org/I126231945"],"apc_list":null,"apc_paid":null,"fwci":0.2781,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.63425461,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9251524806022644},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8305222988128662},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.615608811378479},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5437125563621521},{"id":"https://openalex.org/keywords/filter","display_name":"Filter (signal processing)","score":0.49357712268829346},{"id":"https://openalex.org/keywords/ground-truth","display_name":"Ground truth","score":0.4458692967891693},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.4179779887199402},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40723302960395813},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3953292965888977},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2749180793762207},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.09227409958839417}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9251524806022644},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8305222988128662},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.615608811378479},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5437125563621521},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.49357712268829346},{"id":"https://openalex.org/C146849305","wikidata":"https://www.wikidata.org/wiki/Q370766","display_name":"Ground truth","level":2,"score":0.4458692967891693},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.4179779887199402},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40723302960395813},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3953292965888977},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2749180793762207},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.09227409958839417},{"id":"https://openalex.org/C127313418","wikidata":"https://www.wikidata.org/wiki/Q1069","display_name":"Geology","level":0,"score":0.0},{"id":"https://openalex.org/C17409809","wikidata":"https://www.wikidata.org/wiki/Q161764","display_name":"Geochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/cns48642.2020.9162304","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns48642.2020.9162304","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.qub.ac.uk/portal:openaire/fafadda0-0f0d-466b-a0e8-855b4938e13f","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/fafadda0-0f0d-466b-a0e8-855b4938e13f","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/204370617/REdiREKT_Extracting_Malicious_Redirections_from_Exploit_Kit_Traffic.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Burgess, J, Carlin, D, O'Kane, P & Sezer, S 2020, REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic. in 2020 IEEE Conference on Communications and Network Security (CNS): Proceedings., 1570641813, Institute of Electrical and Electronics Engineers Inc., IEEE Conference on Communications and Network Security, Avignon, France, 29/06/2020. https://doi.org/10.1109/CNS48642.2020.9162304","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:pure.qub.ac.uk/portal:openaire/fafadda0-0f0d-466b-a0e8-855b4938e13f","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/fafadda0-0f0d-466b-a0e8-855b4938e13f","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/204370617/REdiREKT_Extracting_Malicious_Redirections_from_Exploit_Kit_Traffic.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Burgess, J, Carlin, D, O'Kane, P & Sezer, S 2020, REdiREKT: Extracting Malicious Redirections from Exploit Kit Traffic. in 2020 IEEE Conference on Communications and Network Security (CNS): Proceedings., 1570641813, Institute of Electrical and Electronics Engineers Inc., IEEE Conference on Communications and Network Security, Avignon, France, 29/06/2020. https://doi.org/10.1109/CNS48642.2020.9162304","raw_type":"info:eu-repo/semantics/conferenceObject"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2241406505","display_name":null,"funder_award_id":"EP/R007187/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5445011987","display_name":null,"funder_award_id":"EP/K004379/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G6577499357","display_name":null,"funder_award_id":"EP/N508664/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3022221092.pdf","grobid_xml":"https://content.openalex.org/works/W3022221092.grobid-xml"},"referenced_works_count":31,"referenced_works":["https://openalex.org/W17155033","https://openalex.org/W1636478641","https://openalex.org/W1985683032","https://openalex.org/W2001637908","https://openalex.org/W2038424968","https://openalex.org/W2062533261","https://openalex.org/W2075344129","https://openalex.org/W2082180526","https://openalex.org/W2083391339","https://openalex.org/W2117202485","https://openalex.org/W2182421051","https://openalex.org/W2296488620","https://openalex.org/W2302325356","https://openalex.org/W2398757235","https://openalex.org/W2575270149","https://openalex.org/W2605123824","https://openalex.org/W2741807421","https://openalex.org/W2759741891","https://openalex.org/W2794786175","https://openalex.org/W2906692229","https://openalex.org/W2912248945","https://openalex.org/W2918605809","https://openalex.org/W2926136271","https://openalex.org/W2947057807","https://openalex.org/W2966749010","https://openalex.org/W2970485246","https://openalex.org/W2974849064","https://openalex.org/W4250934777","https://openalex.org/W6685992501","https://openalex.org/W6713065523","https://openalex.org/W6761475628"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4285370786","https://openalex.org/W2296488620","https://openalex.org/W2358353312","https://openalex.org/W2133389611"],"abstract_inverted_index":{"This":[0],"paper":[1],"proposes":[2],"REdiREKT,":[3,176],"a":[4,37,60,109],"system":[5],"which":[6],"utilises":[7],"the":[8,45,97,113,139,147,160,173],"open-source":[9],"Zeek":[10],"Intrusion":[11],"Detection":[12],"System":[13],"(IDS)":[14],"to":[15,30,70,90,100,138],"map":[16],"HTTP":[17],"redirection":[18,46,65,123,127,161],"chains":[19,47,162],"observed":[20],"in":[21,55],"Exploit":[22],"Kit":[23],"(EK)":[24],"attacks":[25],"and":[26,53,84,133,136,152,185],"extracts":[27],"distinguishing":[28],"features":[29,156],"assist":[31],"machine":[32],"learning":[33],"(ML).":[34],"We":[35],"build":[36,108],"ground-truth":[38],"dataset":[39,111],"of":[40,63,74,93,146,175,188],"EK":[41,79],"samples,":[42,80],"ensuring":[43],"that":[44,163],"for":[48],"every":[49],"sample":[50],"are":[51],"accurate":[52],"reusable":[54],"future":[56,166,186],"experiments.":[57],"By":[58],"processing":[59],"unique":[61],"combination":[62],"9":[64],"techniques,":[66],"REdiREKT":[67],"was":[68],"able":[69],"correctly":[71],"extract":[72,91,151],"96.52%":[73],"malicious":[75,94,126],"domains":[76,103,120],"from":[77,112,121,157],"1279":[78],"spanning":[81],"28":[82],"families":[83],"8":[85],"campaigns,":[86],"and,":[87,182],"only":[88],"failed":[89],"0.7%":[92],"chains.":[95,124],"Using":[96],"VirusTotal":[98],"API":[99],"filter":[101],"out":[102],"flagged":[104],"as":[105],"malicious,":[106],"we":[107,150,171],"benign":[110,140],"Alexa":[114],"top":[115],"10k":[116],"websites,":[117],"extracting":[118],"12,783":[119],"5910":[122],"The":[125],"data":[128],"is":[129],"divided":[130],"into":[131],"yearly":[132],"family-based":[134],"categories":[135],"compared":[137],"results.":[141],"Based":[142],"on":[143],"our":[144],"analysis":[145],"collected":[148],"data,":[149],"store":[153],"48":[154],"key":[155],"websites":[158],"within":[159],"could":[164],"aid":[165],"ML-based":[167],"detection":[168],"efforts.":[169],"Finally,":[170],"evaluate":[172],"performance":[174],"compare":[177],"it":[178],"with":[179],"existing":[180],"research,":[181],"suggest":[183],"use-cases":[184],"areas":[187],"work.":[189]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}