Committed to connecting the world

  •  

ITU-T work programme

[2025-2028] : [SG17] : [Q4/17]

[Declared patent(s)]  - [Associated work]

Work item: X.rcdmu
Subject/title: Requirements for collection and detection of malicious URLs in cyber threat analysis
Status: Under study 
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2028-Q2 (Medium priority)
Liaison: ISO/IEC JTC1 SC27; IETF; SG13; ETSI; OASIS CTI TC; ICANN
Supporting members: Korea (Rep. of), Soonchunhyang University
Summary: Malicious URLs serve as a primary attack vector in modern cyberattacks. Despite their prevalence, global detection rates remain low due to short operational lifespans, abuse of legitimate infrastructure, and systematic evasion techniques such as cloaking and multi-stage delivery. Existing standards address reactive detection and general network security controls but do not systematically define proactive, multi-source URL threat collection or integrated detection across endpoint, and network. This recommendation defines requirements for the classification, proactive collection, enrichment, and detection of malicious URLs. It establishes collection channel requirements covering internal URL access information(endpoint and network), together with data collection and multi-method detection requirements to enable identification of URL-based threats before they reach victim organizations.
Comment: -
Reference(s):
  Historic references:
-
Contact(s):
Yunkyung HAH, Editor
Jonghyun KIM, Editor
Jihoon OH, Editor
Kyounga SHIN, Editor
ITU-T A.5 justification(s):
Generate A.5 drat TD
-
[Submit new A.5 justification ]
See guidelines for creating & submitting ITU-T A.5 justifications
First registration in the WP: 2026-06-10 13:51:00
Last update: 2026-06-10 13:56:25