{"title":"Advancing Malicious Website Identification: A Machine Learning Approach Using Granular Feature Analysis","authors":"Kinh Tran, Dusan Sovilj","doi":"arxiv-2409.07608","DOIUrl":null,"url":null,"abstract":"Malicious website detection is an increasingly relevant yet intricate task\nthat requires the consideration of a vast amount of fine details. Our objective\nis to create a machine learning model that is trained on as many of these finer\ndetails as time will allow us to classify a website as benign or malicious. If\nmalicious, the model will classify the role it plays (phishing, spam, malware\nhosting, etc.). We proposed 77 features and created a dataset of 441,701\nsamples spanning 9 website classifications to train our model. We grouped the\nproposed features into feature subsets based on the time and resources required\nto compute these features and the performance changes with the inclusion of\neach subset to the model. We found that the performance of the best performing\nmodel increased as more feature subsets were introduced. In the end, our best\nperforming model was able to classify websites into 1 of 9 classifications with\na 95.89\\% accuracy score. We then investigated how well the features we\nproposed ranked in importance and detail the top 10 most relevant features\naccording to our models. 2 of our URL embedding features were found to be the\nmost relevant by our best performing model, with content-based features\nrepresenting half of the top 10 spots. The rest of the list was populated with\nsingular features from different feature categories including: a host feature,\na robots.txt feature, a lexical feature, and a passive domain name system\nfeature.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"40 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07608","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Malicious website detection is an increasingly relevant yet intricate task
that requires the consideration of a vast amount of fine details. Our objective
is to create a machine learning model that is trained on as many of these finer
details as time will allow us to classify a website as benign or malicious. If
malicious, the model will classify the role it plays (phishing, spam, malware
hosting, etc.). We proposed 77 features and created a dataset of 441,701
samples spanning 9 website classifications to train our model. We grouped the
proposed features into feature subsets based on the time and resources required
to compute these features and the performance changes with the inclusion of
each subset to the model. We found that the performance of the best performing
model increased as more feature subsets were introduced. In the end, our best
performing model was able to classify websites into 1 of 9 classifications with
a 95.89\% accuracy score. We then investigated how well the features we
proposed ranked in importance and detail the top 10 most relevant features
according to our models. 2 of our URL embedding features were found to be the
most relevant by our best performing model, with content-based features
representing half of the top 10 spots. The rest of the list was populated with
singular features from different feature categories including: a host feature,
a robots.txt feature, a lexical feature, and a passive domain name system
feature.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
