Creating a ML model based on Network Activity to detect Attacks from malicious web server

Balqees Al-Ajmi


Supervised by Amir Javed; Moderated by Martin J Chorley

This project will be carried out in three stages.

Stage 1

Path 1
1. Collect data from an online social network around a popular topic.
2. Identify the URLs that point to malicious web servers by checking them against VirusTotal, sending requests via the VirusTotal API.

Path 2
1. Look at publicly available sources of URLs classified as malicious [pointing to malicious web servers], such as PhishTank etc.

Stage 2
1. Using VirtualBox, create a sandboxed environment.
2. In the sandboxed environment, have at least 2 VMs running different Windows operating systems.
3. Open each of the URLs identified in Stage 1 in at least one of the VMs.
4. Record network activity as the VM interacts with the web server for a period of 1 min. [The observation time can be changed.]
5. Reboot the VM to a clean state.
6. Repeat from step 3.

Stage 3
Using the network activity data:
1. Preprocess the data.
2. Build machine learning models [at least 2, to compare] that can detect malicious URLs based on network activity.

Initial Plan (08/02/2021) [Zip Archive]

Final Report (14/05/2021) [Zip Archive]

Publication Form