2017
DOI: 10.48550/arxiv.1702.08568
Preprint

eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys

Abstract: For years security machine learning research has promised to obviate the need for signature based detection by automatically learning to detect indicators of attack. Unfortunately, this vision hasn't come to fruition: in fact, developing and maintaining today's security machine learning systems can require engineering resources that are comparable to that of signature-based detection systems, due in part to the need to develop and continuously tune the "features" these machine learning systems look at as attac…

Citations: cited by 36 publications (69 citation statements)
References: 18 publications
“…eXpose. Saxe and Berlin [22] proposed eXpose, a CNN-based classifier for detecting malicious URLs, file paths and registry keys. The main difference of this model compared to NYU lies in the usage of the CNN layers.…”
Section: DGA Detection Classifiers | mentioning
confidence: 99%
“…On the other side, contextless approaches (e.g. [6,22,24,29,31]) entirely rely on information extracted from a single domain name for classification and are thus less resource intensive and less privacy invasive. Prior studies (e.g.…”
Section: Introduction | mentioning
confidence: 99%
“…Various approaches have been proposed in the past to capture DGA activity within networks. These approaches can be roughly divided into context-less (e.g., [10,43,45,56,61]) and context-aware approaches (e.g., [3,6,19,44,47,58]). The former group uses information extracted only from individual domain names and ignores any contextual data to separate benign from DGA-generated domains.…”
Section: DGA Detection | mentioning
confidence: 99%
“…The proposed context-less ML classifiers can be further divided into feature-based such as support vector machines or random forests (e.g., [45]), and feature-less (DL) classifiers such as recurrent (RNN), convolutional (CNN), or residual neural networks (ResNet) (e.g., [10,43,56,61]). When comparing both types of classifiers, it was shown that the approaches based on DL achieve superior detection performance [10,37,51,56].…”
Section: DGA Detection | mentioning
confidence: 99%