Exploring Efficiency of Character-level Convolution Neuron Network and Long Short Term Memory on Malicious URL Detection

Pham, Thuy T.; Hoang, Van Nam; Ha, Thanh Ngoc

doi:10.1145/3301326.3301336

Cited by 19 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…LSTM is proven to be that it is a powerful technique for detecting phishing URLs (Bahnsen et al, 2017;Chen et al, 2018). Further, Pham et al (2018) have shown that the combination of 1D convolution layer and LSTM layer improves the accuracy, compared to the models that consider only LSTM layers in malicious URL detection. Therefore, this study selected 1D convolutional and LSTM architecture to train the URL features when designing the Model A.…”

Section: Model A: 1d Convolutional and Lstm Modelmentioning

confidence: 99%

“…Further, Chen et al (2018) reported that the CNN approach with the URLs has less accuracy compared to the LSTM. However, Pham et al (2018) stated that a combination of CNN and LSTM could give better results in detecting malicious URLs rather than using only LSTM. Although high accuracy is maintained in these automated malicious URL detection systems, URL shortening services that can hide malicious URLs, benign URLs becoming malicious in the future, and tools which can simulate URLs to bypass these models can be a challenge to have an effective phishing detection in the long run (Sahoo et al, 2017).…”

Section: Software-based Detectionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting phishing attacks using a combined model of LSTM and CNN

Ariyadasa¹

2020

Int. j. adv. appl. sci.

View full text Add to dashboard Cite

Phishing, a social engineering crime which has been existing for more than two decades, has gained significant research attention to find better solutions to face against the very dynamic strategies of phishing. The financial sector is the primary target of phishing, and there are many different approaches to combat phishing attacks. Software-based detection approaches are more prominent in phishing detection; however, still, there is no robust solution that can stable for a long period. The primary purpose of this paper is to propose a novel solution to detect phishing attacks using a combined model of LSTM and CNN deep networks with the use of both URLs and HTML pages. The URLs are learned using an LSTM network with 1D convolutional, and another 1D convolutional network is used to learn the HTML features. These two networks were trained separately and combined through a sigmoid layer by dropping the last layer of each model to have the proposed model. The proposed model reached 98.34% in terms of accuracy, and that is above the previously recorded highest accuracy of 97.3% among the detection models used both URL and HTML features in the explored literature. The solution requires feature extraction only with HTML pages, and URLs were directly fed with a minimum pre-processing. Although the proposed solution uses extracted HTML features, those do not depend on third-party services. Therefore, an efficient real-time application can be implemented using the proposed model to detect phishing attacks to safeguard Internet users.

show abstract

Section: Model A: 1d Convolutional and Lstm Modelmentioning

confidence: 99%

Section: Software-based Detectionmentioning

confidence: 99%

Detecting phishing attacks using a combined model of LSTM and CNN

Ariyadasa¹

2020

Int. j. adv. appl. sci.

View full text Add to dashboard Cite

show abstract

“…DGAs can be blocked using blacklists, but their coverage is widely deficient and inconsistent most of the time. In the light of artificial intelligence and machine learning, a DGA is examined as a classification issue [40]. DGAs represents 43,12% of the cases tackled with recurrent networks.…”

Section: Domain Generating Algorithmmentioning

confidence: 99%

“…In [43], it is suggested that LSTM DGA are potentially able to learn of much new data from a small number of real samples and it considers the association of reinforcement learning and LSTM with the specific objective of detecting ransomware attack threats (consisting of the attacker encrypting important business information stored on the victim's system, and demanding the payment of a ransom in exchange for the data being decrypted). In a benchmarking model, [40] demonstrate that the classification of DGA has the best precision (with more than 96%) of a CNN-LSTM model in comparison to a simple CNN or LSTM model, and [63] go a step further and incorporate attention mechanism [45] into the LSTM model in order to tackle the problem of long domain expression. The contribution of the attention mechanism is to focus on more important substrings.…”

Section: Domain Generating Algorithmmentioning

confidence: 99%

Untitled

2021

JUSPN

View full text Add to dashboard Cite

Reinforcement learning and recurrent networks are two emerging machine-learning paradigms. The first learns the best actions an agent needs to perform to maximize its rewards in a particular environment and the second has the specificity to use an internal state to remember previous analysis results and consider them for the current one. Research into RL and recurrent network has been proven to have made a real contribution to the protection of ubiquitous systems and pervasive networks against intrusions and malwares. In this paper, a systematic review of this research was performed in regard to various attacks and an analysis of the trends and future fields of interest for the RL and recurrent network-based research in network security was complete.

show abstract

“…Recently, DNN-MLPUs have gained tremendous popularity in detecting phishing URLs [5,47,50,66,77]. These methods use character and word vectors representations of URLs to train the Deep Neural Networks.…”

Section: Deep Neural Network (Dnn-mlpu)mentioning

confidence: 99%

Reliability and Robustness analysis of Machine Learning based Phishing URL Detectors

Sabir¹,

Ali²,

Gaire³

2020

Preprint

View full text Add to dashboard Cite

Background: Phishing URLs are critical security threats to internet users. They serve as weapons to perpetrate cyberattacks such as phishing, scam and drive-by-download attacks. These attacks cause inevitable losses to businesses and their users. Recently, Machine Learning Phishing URL classification (MLPU) systems have gained tremendous popularity to detect phishing URLs proactively. However, the security vulnerabilities of MLPUs remain mostly unknown. Aim: To address this concern, we conducted a study to understand the test time security vulnerabilities of the state-of-the-art MLPU systems in order to provide guidelines for the future development of these systems. Method: In this paper, we propose an evasion attack framework against MLPU systems. To achieve this, we first develop an algorithm to generate adversarial phishing URLs. We then reproduce 41 MLPU systems and record their baseline performance. Finally, we simulate an evasion attack to evaluate these MLPU systems against our generated adversarial URLs. Results: In comparison to the previous works, our attack is: (i) effective as it evades all the models with an average success rate of 66% and 85% for famous (such as Netflix, Google) and less popular phishing targets (e.g., Wish, JBHIFI, Officeworks) respectively; (ii) realistic as it requires only 23ms to produce a new adversarial URL variant that is available for registration with a median cost of only $11.99/year. We also found that popular online services such as Google SafeBrowsing and VirusTotal are unable to detect these URLs. (iii) We find that Adversarial training (successful defence against evasion attack) does not significantly improve the robustness of these systems as it decreases the success rate of our attack by only 6% on average for all the models. (iv) Further, we identify the security vulnerabilities of the considered MLPU systems. Our findings can lead to promising directions for the future research. Conclusion: Our study not only illustrate vulnerabilities in MLPU systems but also highlights the implications for future research towards assessing and improving these systems.

show abstract

Exploring Efficiency of Character-level Convolution Neuron Network and Long Short Term Memory on Malicious URL Detection

Cited by 19 publications

References 9 publications

Detecting phishing attacks using a combined model of LSTM and CNN

Detecting phishing attacks using a combined model of LSTM and CNN

Untitled

Reliability and Robustness analysis of Machine Learning based Phishing URL Detectors

Contact Info

Product

Resources

About