An Analysis and Implementation of Methods for High Speed Lexical Classification of Malicious URLs

Egan, Shaun P; Irwin, Barry V W

Title: An Analysis and Implementation of Methods for High Speed Lexical Classification of Malicious URLs
Creator: Egan, Shaun P, Irwin, Barry V W
Subject: To be catalogued
Date: 2012
Type: text
Type: article
Identifier: http://hdl.handle.net/10962/429757
Identifier: vital:72637
Identifier: https://digifors.cs.up.ac.za/issa/2012/Proceedings/Research/58_ResearchInProgress.pdf
Description: Several authors have put forward methods of using Artificial Neural Networks (ANN) to classify URLs as malicious or benign by using lexical features of those URLs. These methods have been compared to other methods of classification, such as blacklisting and spam filtering, and have been found to be as accurate. Early attempts proved to be as highly accurate. Fully featured classifications use lexical features as well as lookups to classify URLs and include (but are not limited to) blacklists, spam filters and reputation services. These classifiers are based on the Online Perceptron Model, using a single neuron as a linear combiner and used lexical features that rely on the presence (or lack thereof) of words belonging to a bag-of-words. Several obfuscation resistant features are also used to increase the positive classification rate of these perceptrons. Examples of these include URL length, number of directory traversals and length of arguments passed to the file within the URL. In this paper we describe how we implement the online perceptron model and methods that we used to try to increase the accuracy of this model through the use of hidden layers and training cost validation. We discuss our results in relation to those of other papers, as well as other analysis performed on the training data and the neural networks themselves to best understand why they are so effective. Also described will be the proposed model for developing these Neural Networks, how to implement them in the real world through the use of browser extensions, proxy plugins and spam filters for mail servers, and our current implementation. Finally, work that is still in progress will be described. This work includes other methods of increasing accuracy through the use of modern training techniques and testing in a real world environment.
Format: 8 pages, pdf
Language: English
Relation: Information Security for South Africa, Egan, S. and Irwin, B., An Analysis and Implementation of Methods for High Speed Lexical Classification of Malicious URLs. In 2012 Information Security for South Africa (pp. 1-8). IEEE, Information Security for South Africa volume 2012 number 1 1 8 2013 2330-9881
Rights: Publisher
Rights: Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)

Hits: 284
Visitors: 290
Downloads: 9

Collections

Irwin, Barry V W (Prof)

RU Department of Computer Science

SDG 09. Industry, Innovation and Infrastructure

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE1	An Analysis and Implementation of Methods for High Speed Lexical Classification of Malicious URLs.pdf	706 KB	Adobe Acrobat PDF	View Details Download