Learning to Detect Malicious URLs

被引：131

作者：

Ma, Justin ^{[1
]}

Saul, Lawrence K. ^{[2
]}

Savage, Stefan ^{[2
]}

Voelker, Geoffrey M. ^{[2
]}

机构：

[1] Univ Calif Berkeley, Berkeley, CA 94720 USA

[2] Univ Calif San Diego, San Diego, CA 92103 USA

来源：

ACM TRANSACTIONS ON INTELLIGENT SYSTEMS AND TECHNOLOGY | 2011年 / 2卷 / 03期

基金：

美国国家科学基金会;

关键词：

Algorithms; Security; Online learning; malicious Web sites; PERCEPTRON;

D O I：

10.1145/1961189.1961202

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Malicious Web sites are a cornerstone of Internet criminal activities. The dangers of these sites have created a demand for safeguards that protect end-users from visiting them. This article explores how to detect malicious Web sites from the lexical and host-based features of their URLs. We show that this problem lends itself naturally to modern algorithms for online learning. Online algorithms not only process large numbers of URLs more efficiently than batch algorithms, they also adapt more quickly to new features in the continuously evolving distribution of malicious URLs. We develop a real-time system for gathering URL features and pair it with a real-time feed of labeled URLs from a large Web mail provider. From these features and labels, we are able to train an online classifier that detects malicious Web sites with 99% accuracy over a balanced dataset.

引用

页数：24