A lexical approach for classifying malicious URLs

2015 International Conference on High Performance Computing & Simulation (HPCS) Pub Date : 2015-07-20 DOI:10.1109/HPCSim.2015.7237040

Michael Darling, G. Heileman, Gilad Gressel, Aravind Ashok, P. Poornachandran

{"title":"A lexical approach for classifying malicious URLs","authors":"Michael Darling, G. Heileman, Gilad Gressel, Aravind Ashok, P. Poornachandran","doi":"10.1109/HPCSim.2015.7237040","DOIUrl":null,"url":null,"abstract":"Given the continuous growth of malicious activities on the internet, there is a need for intelligent systems to identify malicious web pages. It has been shown that URL analysis is an effective tool for detecting phishing, malware, and other attacks. Previous studies have performed URL classification using a combination of lexical features, network traffic, hosting information, and other strategies. These approaches require time-intensive lookups which introduce significant delay in real-time systems. In this paper, we describe a lightweight approach for classifying malicious web pages using URL lexical analysis alone. Our goal is to explore the upper-bound of the classification accuracy of a purely lexical approach. We also aim to develop a scalable approach which could be used in a real-time system. We develop a classification system based on lexical analysis of URLs. It correctly classifies URLs of malicious web pages with 99.1% accuracy, a 0.4% false positive rate, an F1-Score of 98.7, and 0.62 milliseconds on average. Our method also outperforms similar approaches when classifying out-of-sample data.","PeriodicalId":134009,"journal":{"name":"2015 International Conference on High Performance Computing & Simulation (HPCS)","volume":"115 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-07-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"55","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on High Performance Computing & Simulation (HPCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPCSim.2015.7237040","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 55

Abstract

Given the continuous growth of malicious activities on the internet, there is a need for intelligent systems to identify malicious web pages. It has been shown that URL analysis is an effective tool for detecting phishing, malware, and other attacks. Previous studies have performed URL classification using a combination of lexical features, network traffic, hosting information, and other strategies. These approaches require time-intensive lookups which introduce significant delay in real-time systems. In this paper, we describe a lightweight approach for classifying malicious web pages using URL lexical analysis alone. Our goal is to explore the upper-bound of the classification accuracy of a purely lexical approach. We also aim to develop a scalable approach which could be used in a real-time system. We develop a classification system based on lexical analysis of URLs. It correctly classifies URLs of malicious web pages with 99.1% accuracy, a 0.4% false positive rate, an F1-Score of 98.7, and 0.62 milliseconds on average. Our method also outperforms similar approaches when classifying out-of-sample data.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

用于对恶意url进行分类的词法方法

鉴于互联网上恶意活动的持续增长，需要智能系统来识别恶意网页。事实证明，URL分析是检测网络钓鱼、恶意软件和其他攻击的有效工具。以前的研究使用词法特征、网络流量、托管信息和其他策略的组合来执行URL分类。这些方法需要大量的时间查找，这会给实时系统带来很大的延迟。在本文中，我们描述了一种仅使用URL词法分析对恶意网页进行分类的轻量级方法。我们的目标是探索纯词法方法的分类精度的上限。我们还致力于开发一种可扩展的方法，可用于实时系统。我们开发了一个基于词法分析的url分类系统。它对恶意网页url的正确分类准确率为99.1%，误报率为0.4%，F1-Score为98.7，平均0.62毫秒。在分类样本外数据时，我们的方法也优于类似的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2015 International Conference on High Performance Computing & Simulation (HPCS)

自引率

0.00%

发文量