Font Size: a A A

Research On Hybrid Malicious URL Detection Method Based On "Word-Location" Vector

Posted on:2022-08-28Degree:MasterType:Thesis
Country:ChinaCandidate:H WangFull Text:PDF
GTID:2518306536963739Subject:Computer Science and Technology
Abstract/Summary:
The rapid development of the Internet is accompanied by an increasingly serious problem of network attacks,including phishing,spam,malware and denial of service.Uniform Resource Locators(URLs)are one of the main ways of network attacks,which pose a great threat to the maintenance of network security.In the field of network security,how to optimize malicious URL detection technology has always been a research hotspot.Defense methods that rely on blacklist mechanism can only identify known malicious URLs.Machine learning methods based on artificial feature extraction rely on rich expert knowledge and a large amount of data analysis to design rules,which needs a lot of manpower and time.In recent years,deep learning technology has achieved great success in automatic feature extraction and has been gradually applied to malicious URL detection tasks.For example,Word2 Vec word vector is used to represent URL text,and CNN model or RNN model is used to detect malicious URL.URL is a short text with special structure,but the word vector does not reflect its structure information.CNN network can extract local semantic features,and RNN network can capture long-distance dependencies,but the scheme of combining the two to detect malicious URL still needs to be explored.Therefore,the deep learning-based malicious URL detection technology still needs to be further improved.The research focus of this thesis is to design a malicious URL detection scheme based on deep learning.The main tasks completed are as follows:(1)This thesis proposes a vector model of "word-location" for URL text representation.A URL is made up of special characters,numbers,and letters,and can be divided into domains,paths,queries,and fragments.The "word-location" vector model optimizes the original word vector by using the special structure of URL,that is,adding the corresponding location information of the word.First,the URL text is transformed into a sequence of byte fragments using the 3-gram word segmentation technique.Then,a word-location(WLoc)pair can be formed by finding the location marker corresponding to the word,and the sequence of byte fragments can be transformed into a WLoc sequence.For each "word-location" pair,the word and the corresponding location symbol are concatenated in the form of string.Finally,by training with the Skipgram model in Word2 Vec,the vector representation of each word-location pair can be generated.The experimental results show that Word2vec(WLOC)"word-location" vector is much better than Word2 vec word vector for malicious URL detection.(2)A hybrid CNN-Bi LSTM detection model with attention mechanism is proposed,which is abbreviated as CNN-Bi LSTM-ATT.In this model,CNN network is used to extract local semantic features,and Bi LSTM network is used to capture context information.The output features of the two networks are fused,and then an attention mechanism is used to carry out weighted summation of the fused features,and the output vectors obtained are used for subsequent classification.Experimental results show that CNN-Bi LSTM-ATT model for malicious URL detection is significantly better than Bi LSTM model,Bi LSTM-ATT model,CNN model and CNN-Bi LSTM model in terms of performance.The "word-location" vector combined with CNN-Bi LSTM-ATT detection scheme proposed in this thesis has the best comprehensive performance.The pre-trained Word2vec(WLOC)"word-location" vector combined with CNN-Bi LSTM-ATT model obtained 94.25% recall rate,94.40% accuracy rate,94.53% precision rate and 0.9439 F1 value.
Keywords/Search Tags:Malicious URL Detection, Deep Learning, Word Vector, CNN, BiLSTM
Related items