Protecting users from accessing malicious web sites is one of the important management tasks for network operators. There are many open-source and commercial products to control web sites users can access. The most traditional approach is blacklist-based filtering. This mechanism is simple but not scalable, though there are some enhanced approaches utilizing fuzzy matching technologies. Other approaches try to use machine learning (ML) techniques by extracting features from URL strings. This approach can cover a wider area of Internet web sites, but finding good features requires deep knowledge of trends of web site design. Recently, another approach using deep learning (DL) has appeared. The DL approach will help to extract features automatically by investigating a lot of existing sample data. Using this technique, we can build a flexible filtering decision module by keep teaching the neural network module about recent trends, without any specific expert knowledge of the URL domain. In this paper, we apply a mechanical approach to generate feature vectors from URL strings. We implemented our approach and tested with realistic URL access history data taken from a research organization and data from the famous archive site of phishing site information, PhishTank.com. Our approach achieved 2∼3% better accuracy compared to the existing DL- based approach.
[1]
Lawrence K. Saul,et al.
Beyond blacklists: learning to detect malicious web sites from suspicious URLs
,
2009,
KDD.
[2]
Niels Provos,et al.
A framework for detection and measurement of phishing attacks
,
2007,
WORM '07.
[3]
Ramana Rao Kompella,et al.
PhishNet: Predictive Blacklisting to Detect Phishing Attacks
,
2010,
2010 Proceedings IEEE INFOCOM.
[4]
Lorrie Faith Cranor,et al.
Cantina: a content-based approach to detecting phishing web sites
,
2007,
WWW '07.
[5]
Konstantin Berlin,et al.
eXpose: A Character-Level Convolutional Neural Network with Embeddings For Detecting Malicious URLs, File Paths and Registry Keys
,
2017,
ArXiv.