Malicious Threat Detection Powered by TitanHQHome / Security Articles / Malicious Threat Detection Powered by TitanHQ
WebTitan employs a crowd-sourced approach for obtaining a constant stream of URLs for analysis. This continuous stream of ActiveWeb (URLs actively visited by end users) comes from a global network of customers across a number of high traffic markets: Network Security, Subscriber Analytics, and Ad Tech.
This includes over 550 million end users and growing-and is the primary in-house source for threat corpora used to train human-supervised Machine Learning systems. This combined and integrative approach empowers us to continuously enhance, optimize, and fine-tune our malicious detection capabilities in an ever-changing threat landscape.
» Supporting 550-600 Million End Users.
» Covering numerous industries including:
» ActiveWeb Input and queries on:
WebTitan leverages an integrative, multi-vector approach and in-house analysis to detect, monitor, and accurately categorize new threats. Our approach combines the following methods:
» URLs/Website Detection
» ActiveWeb Input and queries on:
Human-Supervised Machine Learning
The WebTitan team continuously samples malicious detections to profile, test, and validate threats. The results of the continuous sampling are then used to feed/train the supervised Machine Learning systems and adjust or tune the efficiency, accuracy, and overall effectiveness of the malicious detection systems.
URL, Domain and Path Coverage
One of the critical features that WebTitan provides is an ability for deep analysis due to full path detection. In a nutshell, page and path-level reporting provides analytical credibility to what is being marked as malicious. The majority of malicious URLs in the WebTitan databases are detailed down to the path level. In the case of non-IP based URLs, 88.35% are marked as malicious down to the path level. In the case of IP-based URLs, the numberis significantly higher with 99.70% of URLs being identified as having a path. This is extremely important because ONS-based systems typically work at the domain level only.
Malicious URL Revisit Process
Due to the variable life cycle of malicious URLs, it is imperative be able to inspect and detect URLs quickly to ensure they are still malicious. The WebTitan Malicious Detection Service includes an automated revisit process where malicious URLs are revisited on a set schedule. Each day, WebTitan revisits up to 300,000 malicious URLs to determine if they are still infected or are now clean. Since WebTitan's malicious detection service is able to obtain the full path, it is able to revisit that exact URL and obtain crucial results on a granular and highly accurate level.
WebTitan's threat detection systems utilize the following ten (10) types of Malicious Categories:
Sites that are being used to commit fraudulent online display advertising transactions using ad impression boosting techniques including (but not limited to) ad stacking, iframe stuffing, and hidden ads. Sites that have high non-human web traffic and with rapid, large and unexplained changes in traffic.
Bots are compromised machines running software that is used by hackers to send spam, phishing attacks, and denial of service attacks.
3. Malware Distribution Point:
Web pages that host viruses, exploits, and other malware are considered Malware Distribution Points.
4. Spyware & Questionable Software:
Software that reports information back to a central server such as spyware or keystroke loggers. Also includes software that may have legitimate purposes, but some users mayobject to having on their system.
Web pages that impersonate other web pages usually with the intent of stealing passwords, credit card numbers, etc. Also includes web pages that are part of scams such as a "419" scam - where a person is convinced to hand over money with the expectation of a big payback that never comes.
6. Command + Control Centers:
Internet servers used to send commands to infected machines called bots.
When viruses and spyware report information back to a particular URL or check a URL for updates, this is considered a malware call-home address.
8. Compromised & Links To Malware:
Compromised web pages are pages that appear to be legitimate, but house malicious code or link to malicious websites hosting malware. These sites have been compromised by someone other than the site owner.
9. Spam URLs:
URLs that frequently occur in spam messages
10. Cryptocurrency Mining:
Websites that use cryptocurrency mining technology without user permission.