URLNet: Learning a URL representation with deep learning for malicious URL detection

Author

Hung LE, Singapore Management UniversityFollow
Hong Quang PHAM, Singapore Management UniversityFollow
Doyen SAHOO, Singapore Management UniversityFollow
Steven C. H. HOI, Singapore Management UniversityFollow

Publication Type

Working Paper

Version

publishedVersion

Publication Date

3-2018

Abstract

Malicious URLs host unsolicited content and are used to perpetrate cybercrimes. It is imperative to detect them in a timely manner. Traditionally, this is done through the usage of blacklists, which cannot be exhaustive, and cannot detect newly generated malicious URLs. To address this, recent years have witnessed several efforts to perform Malicious URL Detection using Machine Learning. The most popular and scalable approaches use lexical properties of the URL string by extracting Bag-of-words like features, followed by applying machine learning models such as SVMs. There are also other features designed by experts to improve the prediction performance of the model. These approaches suffer from several limitations: (i) Inability to effectively capture semantic meaning and sequential patterns in URL strings; (ii) Requiring substantial manual feature engineering; and (iii) Inability to handle unseen features and generalize to test data. To address these challenges, we propose URLNet, an end-to-end deep learning framework to learn a nonlinear URL embedding for Malicious URL Detection directly from the URL. Specifically, we apply Convolutional Neural Networks to both characters and words of the URL String to learn the URL embedding in a jointly optimized framework. This approach allows the model to capture several types of semantic information, which was not possible by the existing models. We also propose advanced word-embeddings to solve the problem of too many rare words observed in this task. We conduct extensive experiments on a large-scale dataset and show a significant performance gain over existing methods. We also conduct ablation studies to evaluate the performance of various components of URLNet.

Keywords

URLNet, Malicious URL Detection, Deep Learning

Discipline

Databases and Information Systems | Information Security

Research Areas

Data Science and Engineering

First Page

1

Last Page

13

Citation

LE, Hung; PHAM, Hong Quang; SAHOO, Doyen; and HOI, Steven C. H.. URLNet: Learning a URL representation with deep learning for malicious URL detection. (2018). 1-13.
Available at: https://ink.library.smu.edu.sg/sis_research/4135

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://arxiv.org/pdf/1802.03162.pdf