{"id":"https://openalex.org/W4389613218","doi":"https://doi.org/10.1145/3630590.3630600","title":"Unraveling Threat Intelligence Through the Lens of Malicious URL Campaigns","display_name":"Unraveling Threat Intelligence Through the Lens of Malicious URL Campaigns","publication_year":2023,"publication_date":"2023-12-12","ids":{"openalex":"https://openalex.org/W4389613218","doi":"https://doi.org/10.1145/3630590.3630600"},"language":"en","primary_location":{"id":"doi:10.1145/3630590.3630600","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3630590.3630600","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th Asian Internet Engineering Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5019198548","display_name":"Mahathir Almashor","orcid":"https://orcid.org/0000-0002-3846-6282"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I2800669942","display_name":"EnergyAustralia (Australia)","ror":"https://ror.org/004g8sj50","country_code":"AU","type":"company","lineage":["https://openalex.org/I2800669942"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Mahathir Almashor","raw_affiliation_strings":["CSIRO Energy, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3846-6282","affiliations":[{"raw_affiliation_string":"CSIRO Energy, Australia","institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I2800669942"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042828824","display_name":"Muhammad Ejaz Ahmed","orcid":"https://orcid.org/0000-0001-8033-0998"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Ejaz Ahmed","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8033-0998","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088116746","display_name":"Benjamin Pick","orcid":"https://orcid.org/0009-0007-0278-4215"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Benjamin Pick","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0009-0007-0278-4215","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Jason Xue","orcid":"https://orcid.org/0000-0001-5411-5039"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Jason Xue","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0001-5411-5039","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086357020","display_name":"Alsharif Abuadbba","orcid":"https://orcid.org/0000-0001-9695-7947"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Sharif Abuadbba","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0001-9695-7947","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110752696","display_name":"Raj Gaire","orcid":null},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Raj Gaire","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0003-2499-2553","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400133","display_name":"Shuo Wang","orcid":"https://orcid.org/0000-0001-8938-2364"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Shuo Wang","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0001-8938-2364","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084022157","display_name":"Seyit Camtepe","orcid":"https://orcid.org/0000-0001-6353-8359"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Seyit Camtepe","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0001-6353-8359","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5082256444","display_name":"\u202aSurya Nepal\u202c","orcid":"https://orcid.org/0000-0002-3289-6599"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Surya Nepal","raw_affiliation_strings":["CSIRO Data61, Australia"],"raw_orcid":"https://orcid.org/0000-0002-3289-6599","affiliations":[{"raw_affiliation_string":"CSIRO Data61, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":9,"corresponding_author_ids":["https://openalex.org/A5019198548"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I2800669942"],"apc_list":null,"apc_paid":null,"fwci":1.3453,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.86178802,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"78","last_page":"86"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6964299082756042},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6463664770126343},{"id":"https://openalex.org/keywords/vendor","display_name":"Vendor","score":0.5385869741439819},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4414803981781006},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.41701364517211914},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3565558195114136},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.12971237301826477},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.12854424118995667}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6964299082756042},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6463664770126343},{"id":"https://openalex.org/C2777338717","wikidata":"https://www.wikidata.org/wiki/Q1762621","display_name":"Vendor","level":2,"score":0.5385869741439819},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4414803981781006},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.41701364517211914},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3565558195114136},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.12971237301826477},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.12854424118995667},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3630590.3630600","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3630590.3630600","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th Asian Internet Engineering Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":47,"referenced_works":["https://openalex.org/W1775663022","https://openalex.org/W1975909792","https://openalex.org/W2040576886","https://openalex.org/W2158568356","https://openalex.org/W2164373098","https://openalex.org/W2278186031","https://openalex.org/W2295502246","https://openalex.org/W2470929368","https://openalex.org/W2518350929","https://openalex.org/W2604900212","https://openalex.org/W2614419969","https://openalex.org/W2756261530","https://openalex.org/W2788552719","https://openalex.org/W2793337260","https://openalex.org/W2804240301","https://openalex.org/W2808323833","https://openalex.org/W2837911466","https://openalex.org/W2887799690","https://openalex.org/W2890262614","https://openalex.org/W2891316582","https://openalex.org/W2892859754","https://openalex.org/W2897385569","https://openalex.org/W2899992227","https://openalex.org/W2902827568","https://openalex.org/W2902942389","https://openalex.org/W2903094299","https://openalex.org/W2913770937","https://openalex.org/W2933056782","https://openalex.org/W2943546107","https://openalex.org/W2980720901","https://openalex.org/W2986291326","https://openalex.org/W2990619902","https://openalex.org/W3000666967","https://openalex.org/W3003545752","https://openalex.org/W3016472551","https://openalex.org/W3022651159","https://openalex.org/W3092339960","https://openalex.org/W3092781945","https://openalex.org/W3093500242","https://openalex.org/W3094380520","https://openalex.org/W3107723856","https://openalex.org/W3113318878","https://openalex.org/W3123115621","https://openalex.org/W3146533344","https://openalex.org/W3185024416","https://openalex.org/W3193579626","https://openalex.org/W3198775197"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2502115930","https://openalex.org/W4246396837","https://openalex.org/W2482350142","https://openalex.org/W3176240006","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4288019534"],"abstract_inverted_index":{"The":[0],"daily":[1],"deluge":[2],"of":[3,20,26,32,40,74,129],"alerts":[4],"is":[5],"a":[6,30,118],"sombre":[7],"reality":[8],"for":[9],"Security":[10],"Operations":[11],"Centre":[12],"(SOC)":[13],"personnel":[14],"worldwide.":[15],"Those":[16],"on":[17,141],"the":[18,23,72,166,181],"front-lines":[19],"cybersecurity":[21],"face":[22],"unenviable":[24],"task":[25],"prioritising":[27],"threats":[28],"amongst":[29],"flood":[31],"URLs":[33,45,70,81,104,148],"found":[34,101],"within":[35,43,82,120],"malicious":[36,75,96],"communications.":[37],"Timely":[38],"detection":[39,62],"pertinent":[41],"patterns":[42],"such":[44,130,144],"allows":[46],"teams":[47],"to":[48,67,106,174],"deescalate":[49],"threats.":[50],"This":[51],"has":[52],"been":[53],"traditionally":[54],"filled":[55],"with":[56,183],"machine-learning":[57],"log":[58],"analysis":[59,124],"and":[60,149,179],"anomaly":[61],"methods.":[63],"Instead,":[64],"we":[65,92,100,172],"propose":[66],"analyse":[68],"suspicious":[69,90],"from":[71,86],"perspective":[73],"URL":[76,115,170],"campaigns.":[77,97],"By":[78,164],"first":[79],"grouping":[80],"311M":[83],"records":[84],"gathered":[85],"VirusTotal":[87],"into":[88],"2.6M":[89],"clusters,":[91],"thereafter":[93],"discovered":[94],"77.8K":[95],"From":[98],"those,":[99],"9.9M":[102],"unique":[103],"attributable":[105],"18.3K":[107],"multi-URL":[108],"campaigns":[109,131,167],"that":[110,126,159],"had":[111],"at":[112],"least":[113],"1":[114],"flagged":[116],"by":[117,134],"vendor":[119],"VirusTotal.":[121],"Worryingly,":[122],"our":[123],"shows":[125],"only":[127],"2.97%":[128],"were":[132],"detected":[133],"security":[135],"vendors.":[136],"We":[137],"also":[138],"confer":[139],"insights":[140],"evasive":[142],"tactics":[143],"as":[145,154,156],"ever":[146],"lengthier":[147],"more":[150],"diverse":[151],"domain":[152],"names,":[153],"well":[155],"case":[157],"studies":[158],"expose":[160,175],"other":[161],"adversarial":[162],"techniques.":[163],"characterising":[165],"driving":[168],"these":[169],"alerts,":[171],"hope":[173],"current":[176],"threat":[177,185],"trends,":[178],"arm":[180],"community":[182],"greater":[184],"intelligence.":[186]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}