
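1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
2. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029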
Online First: 2015-11
Published: 25 November 2015
Hai-lun LIN, Yan LI, Wei-ping WANG, et al. Efficient segment pattern based method for malicious URL detection[J]. Journal on Communications, 2015, 36(Z1): 141-148. DOI: 10.11959/j.issn.1000-436x.2015293.
An efficient segment-pattern-based method for detecting malicious URLs is proposed. First, the method parses annotated malicious URLs into three semantic segments: the domain segment, the path segment and the file segment. Second, it quickly computes the common pattern of each semantic segment using an inverted index whose terms are tri-grams. Finally, it decides whether a given URL is malicious based on the segment patterns returned by searching the inverted index. The method also supports a Jaccard-based random domain name identification technique for deciding malicious URLs that contain random domain names. Experimental results show that the proposed method outperforms state-of-the-art baseline methods and achieves good efficiency and scalability on malicious URL detection.
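A simplified sketch of the pipeline the abstract describes (segment parsing, a tri-gram inverted index per segment, lookup of a candidate URL), added here as an illustration and not the paper's implementation. Scoring segments by Jaccard similarity of tri-gram sets, the `threshold` and `min_hits` values, the names `SegmentIndex` and `KNOWN_BAD`, and the sample URLs are all assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of labelled malicious URLs (reserved .example names).
KNOWN_BAD = [
    "http://login-update.badsite.example/wp-content/plugins/x1/secure_login.php",
    "http://login-verify.badsite.example/wp-content/plugins/x2/secure_login.php",
]

def segments(url):
    """Split a URL into the domain, path and file segments."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    path, _, fname = parts.path.rpartition("/")
    return {"domain": parts.hostname or "", "path": path.lower(), "file": fname.lower()}

def trigrams(text):
    """Character tri-grams; a segment shorter than three characters is its own term."""
    if len(text) < 3:
        return frozenset([text]) if text else frozenset()
    return frozenset(text[i:i + 3] for i in range(len(text) - 2))

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

class SegmentIndex:
    """One tri-gram inverted index per segment type (hypothetical helper)."""
    def __init__(self, urls):
        self.postings = {k: defaultdict(set) for k in ("domain", "path", "file")}
        self.grams = {k: {} for k in self.postings}
        for url in urls:
            for kind, seg in segments(url).items():
                self.grams[kind][seg] = trigrams(seg)
                for term in self.grams[kind][seg]:
                    self.postings[kind][term].add(seg)

    def best_match(self, kind, seg):
        """Closest indexed segment, scoring only candidates that share a tri-gram."""
        query = trigrams(seg)
        cands = set().union(*(self.postings[kind].get(t, ()) for t in query))
        scored = ((jaccard(query, self.grams[kind][c]), c) for c in cands)
        return max(scored, default=(0.0, None))

    def is_suspicious(self, url, threshold=0.6, min_hits=2):
        """Assumed rule: at least min_hits segments resemble a known-bad segment."""
        segs = segments(url)
        return sum(self.best_match(k, s)[0] >= threshold for k, s in segs.items()) >= min_hits
```

The inverted index keeps the lookup from scanning every stored segment: only segments that share at least one tri-gram with the query are scored.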