A Malicious URL Detection Model Based on Convolutional Neural Network

Wang, Zhiqiang; Ren, Xiaorui; Li, Shuhao; Wang, Bingyan; Zhang, Jianyi; Yang, Tao

doi:10.1155/2021/5518528

Cited by 13 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Regarding the problem of detecting phishing URLs, there are two main methods: rule-based detection method and behavior analysis-based detection method [1,2,3]. In which, the behavior-based detection method using machine learning and deep learning algorithms is developing a lot nowadays.…”

Section: Introduction Network Anomaly Detection Methods Are Usually Based Onmentioning

confidence: 99%

“…Behaviorbased detection methods often seek ways to analyze anomalous behavior based on URL information. Some information is often applied to extract such as [1,3,4,5,6,7,8,9,10] domain, HTTP protocol, body, DNS query, lexical, host-based, etc. In this paper, we propose some new features representing abnormal behaviors of phishing URLs.…”

Section: Introduction Network Anomaly Detection Methods Are Usually Based Onmentioning

confidence: 99%

“…to classify these URLs. Similarly, in the research [3], the authors proposed a method to detect malicious URLs using the dynamic convolutional neural network model. In the experimental part, the authors conducted experiments and proved that this proposal is superior to other methods using convolutional neural networks.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Developing a Framework for Detecting Phishing URLs using Machine Learning

Lam¹

2021

IJETAE

View full text Add to dashboard Cite

The attack technique targeting end-users through phishing URLs is very dangerous nowadays. With this technique, attackers could steal user data or take control of the system, etc. Therefore, early detecting phishing URLs is essential. In this paper, we propose a method to detect phishing URLs based on supervised learning algorithms and abnormal behaviors from URLs. Finally, based on the research results, we build a framework for detecting phishing URLs through endusers. The novelty and advantage of our proposed method are that abnormal behaviors are extracted based on URLs which are monitored and collected directly from attack campaigns instead of using inefficient old datasets. Keywords— phishing URLs; detecting phishing URLs; abnormal behaviors of phishing URLs; Machine learning

show abstract

Section: Introduction Network Anomaly Detection Methods Are Usually Based Onmentioning

confidence: 99%

Section: Introduction Network Anomaly Detection Methods Are Usually Based Onmentioning

confidence: 99%

See 1 more Smart Citation

Developing a Framework for Detecting Phishing URLs using Machine Learning

Lam¹

2021

IJETAE

View full text Add to dashboard Cite

show abstract

“…An ensemble model was built aiming to improve the detection rate. Wang et al [ 28 ] proposed a model using Dynamic Convolutional Neural Network (DCNN) for malicious URLs detection. Stating that their model can prevent attackers from passing the current detection model, and the problem of not having the malicious features extracted properly is solved.…”

Section: Literature Reviewmentioning

confidence: 99%

“…al [ 27 ] RD, DT, NB, AdaBoost, KNN, XGBoost, SVM, Ensemble Private 2-Classes XGBoost is a powerful algorithm Fast Approach, Applying ensemble model Good features extraction The main focus was on feature extraction only It might get bypassed in modern ways Wang et. al [ 28 ] DCNN Private 2-Classes Good learning mechanism There is a low possibility of mixing benign and dangerous URLs High accuracy The model is heavy-weight Dark web URLs cannot be classified In real-time, the detection process will affect the network performance Manoj et al [ 29 ] Logistic regression, SVM, XGBoost, MLP, and Auto-Encoders Alexa, Dmoz, personal web history, PhishTank, whois 2-Classes Several classifiers were used Using XGBoost and MLP Good analyzing process Small dataset Low accuracy Slow in real-time Relying on 3rd-parties Rana et al [ 30 ] LMT Phish Tank (2015) 2-Classes Multilayer deep learning Approach for better detection Old and small dataset, Modern phishing URLs might not be detected …”

Section: Literature Reviewmentioning

confidence: 99%

An intelligent identification and classification system for malicious uniform resource locators (URLs)

Al‐Haija

Al-Fayoumi

2023

Neural Comput & Applic

View full text Add to dashboard Cite

Uniform Resource Locator (URL) is a unique identifier composed of protocol and domain name used to locate and retrieve a resource on the Internet. Like any Internet service, URLs (also called websites) are vulnerable to compromise by attackers to develop Malicious URLs that can exploit/devastate the user’s information and resources. Malicious URLs are usually designed with the intention of promoting cyber-attacks such as spam, phishing, malware, and defacement. These websites usually require action on the user’s side and can reach users across emails, text messages, pop-ups, or devious advertisements. They have a potential impact that can reach, in some cases, to compromise the machine or network of the user, especially those arriving by email. Therefore, developing systems to detect malicious URLs is of great interest nowadays. This paper proposes a high-performance machine learning-based detection system to identify Malicious URLs. The proposed system provides two layers of detection. Firstly, we identify the URLs as either benign or malware using a binary classifier. Secondly, we classify the URL classes based on their feature into five classes: benign, spam, phishing, malware, and defacement. Specifically, we report on four ensemble learning approaches, viz. the ensemble of bagging trees (En_Bag) approach, the ensemble of k-nearest neighbor (En_kNN) approach, and the ensemble of boosted decision trees (En_Bos) approach, and the ensemble of subspace discriminator (En_Dsc) approach. The developed approaches have been evaluated on an inclusive and contemporary dataset for uniform resource locators (ISCX-URL2016). ISCX-URL2016 provides a lightweight dataset for detecting and categorizing malicious URLs according to their attack type and lexical analysis. Conventional machine learning evaluation measurements are used to evaluate the detection accuracy, precision, recall, F Score, and detection time. Our experiential assessment indicates that the ensemble of bagging trees (En_Bag) approach provides better performance rates than other ensemble methods. Alternatively, the ensemble of the k-nearest neighbor (En_kNN) approach provides the highest inference speed. We also contrast our En_Bag model with state-of-the-art solutions and show its superiority in binary classification and multi-classification with accuracy rates of 99.3% and 97.92%, respectively.

show abstract