|
Work item:
|
X.rcdmu
|
|
Subject/title:
|
Requirements for collection and detection of malicious URLs in cyber threat analysis
|
|
Status:
|
Under study
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2028-Q2 (Medium priority)
|
|
Liaison:
|
ISO/IEC JTC1 SC27; IETF; SG13; ETSI; OASIS CTI TC; ICANN
|
|
Supporting members:
|
Korea (Rep. of), Soonchunhyang University
|
|
Summary:
|
Malicious URLs serve as a primary attack vector in modern cyberattacks. Despite their prevalence, global detection rates remain low due to short operational lifespans, abuse of legitimate infrastructure, and systematic evasion techniques such as cloaking and multi-stage delivery. Existing standards address reactive detection and general network security controls but do not systematically define proactive, multi-source URL threat collection or integrated detection across endpoint, and network. This recommendation defines requirements for the classification, proactive collection, enrichment, and detection of malicious URLs. It establishes collection channel requirements covering internal URL access information(endpoint and network), together with data collection and multi-method detection requirements to enable identification of URL-based threats before they reach victim organizations.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2026-06-10 13:51:00
|
|
Last update:
2026-06-10 13:56:25
|