Evaluating deep learning approaches to characterize and classify malicious URL’s
Issue title: Special Section: Soft Computing and Intelligent Systems: Techniques and Applications
Guest editors: Sabu M. Thampi, El-Sayed M. El-Alfy, Sushmita Mitra and Ljiljana Trajkovic
Article type: Research Article
Authors: Vinayakumar, R.a; * | Soman, K.P.a | Poornachandran, Prabaharanb
Affiliations: [a] Centre for Computational Engineering and Networking (CEN), Amrita School of Engineering, Coimbatore, Amrita Vishwa Vidyapeetham, Amrita University, Tamil Nadu, India | [b] Center for Cyber Security Systems and Networks, Amrita School of Engineering, Amritapuri, Amrita Vishwa Vidyapeetham, Amrita University, Tamil Nadu, India
Correspondence: [*] Corresponding author. R. Vinayakumar, Centre for Computational Engineering and Networking (CEN), Amrita School of Engineering, Coimbatore, Amrita Vishwa Vidyapeetham, Amrita University, Tamil Nadu, India. E-mail: vinayakumarr77@gmail.com.
Abstract: Malicious uniform resource locator (URL), termed as malicious website is a foundation mechanisms for many of internet criminal activities such as phishing, spamming, identity theft, financial fraud and malware. It has been considered as a common and serious threat to the Cybersecurity. Blacklisting mechanism and many machine learning based solutions found by researchers with the aim to effectively signalize and classify the malicious URL’s in internet. Blacklisting is completely ineffective at finding both variations of malicious URL or newly generated URL. Additionally, it requires human input and ends up as a time consuming approach in real-time scenarios. Machine learning based solutions implicitly rely on feature engineering phase to extract hand crafted features including linguistic, lexical, contextual or semantics, statistical information of URL string, n-gram, bag-of-words, link structures, content composition, DNS information, network traffic, etc. As a result feature engineering in machine learning based solutions has to evolve with the new malicious URL’s. In recent times, deep learning is the most talked due to the significant results in various artificial intelligence (AI) tasks in the field of image processing, speech processing, natural language processing and many others. They have an ability to extract features automatically by taking the raw input texts. To leverage this and to transform the efficacy of deep learning algorithms to the task of malicious URL’s detection, we evaluate various deep learning architectures specifically recurrent neural network (RNN), identity-recurrent neural network (I-RNN), long short-term memory (LSTM), convolution neural network (CNN), and convolutional neural network-long short-term memory (CNN-LSTM) architectures by modeling the real known benign and malicious URL’s in character level language. The optimal parameter for deep learning architecture is found by conducting various experiments with various configurations of network parameters and network structures. All the experiments run till 1000 epochs with a learning rate in the range [0.01-0.5]. In our experiments, deep learning mechanisms outperformed the hand crafted feature mechanism. Specifically, LSTM and hybrid network of CNN and LSTM have achieved highest accuracy as 0.9996 and 0.9995 respectively. This might be due to the fact that the deep learning mechanisms have ability to learn hierarchical feature representation and long range-dependencies in sequences of arbitrary length.
Keywords: Malicious uniform resource locator (URL) or malicious website, deep learning mechanisms: Recurrent Neural Network (RNN), Identity-Recurrent Neural Network (I-RNN), Long Short-Term Memory (LSTM), Convolution Neural Network (CNN), Convolutional Neural Network-Long Short-Term Memory (CNN-LSTM)
DOI: 10.3233/JIFS-169429
Journal: Journal of Intelligent & Fuzzy Systems, vol. 34, no. 3, pp. 1333-1343, 2018