Detecting Unintended Redirects to Malicious Websites on Android Devices Based on URL-Switching Interval

Bibliographic Details
Published in IEEE Access Vol. 12; pp. 153285-153294
Main Authors Yamauchi, Toshihiro, Orito, Rintaro, Ebisu, Koji, Sato, Masaya
Format Journal Article
Language English
Published Piscataway IEEE 2024
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)

Summary: Website clicks that redirect Android-phone users to malicious websites with fake virus alerts or phishing attacks are increasing exponentially. Although a uniform resource locator (URL) blocklist is considered a suitable countermeasure to such attacks, it is difficult to efficiently identify malicious websites. To the best of our knowledge, no research has focused on detecting attacks that redirect Android-phone users to malicious websites. Therefore, we propose a redirect-detection method that focuses on the URL bar-switching interval of Android-based Google Chrome browser. The proposed method, which can be easily installed as an Android application, uses the Android accessibility service to detect unintended redirects to malicious websites without collecting information about these websites in advance. This paper details the design, implementation, and evaluation results of the proposed application on an actual Android device. We determined the threshold values for the number of times the URL bar switches and the elapsed time to determine redirects to malicious websites for the proposed method. Based on the results, we investigated the causes of false-positive detection of redirects to benign websites and offer solutions on handling them. We also present the threshold values that can minimize the false positive and negative rates, as well as the detection accuracy of the proposed method based on these threshold values. Additionally, we present the evaluation results based on the access logs of actual users participating in the WarpDrive project experiment, which indicate that the proposed method minimizes false positives and successfully detects most redirects to malicious websites.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2024.3478748