Font Size: a A A

Malicious URL Recognition Based On Deep Learning

Posted on:2023-09-18Degree:MasterType:Thesis
Country:ChinaCandidate:F LinFull Text:PDF
GTID:2568307292471324Subject:Engineering
Abstract/Summary:
At present,the worldwide network crime and network attack situation is becoming more and more intense,network security has become a national high attention to the problem.Among them,phishing websites have become an important factor threatening network security.The current network environment is becoming more and more complex,and the traditional malicious URL recognition technology cannot cope with problems such as fast update of malicious URL,complex types and difficult selection of artificial features.Therefore,this paper mainly studies the malicious URL recognition algorithm based on deep learning.In this paper,benign URL data from Alexa website and malicious URL data from Phishtank website are taken as experimental data,and the top 20,000 data from Alexa website and the new 20,000 malicious data from Phishtank website are selected.Compare the prediction effect of data in different models and select the best model to improve,and get a final model.The main research contents are as follows:(1)Doc2vec algorithm is used for text analysis and transformation of URL,and the index vector,index weight and text vector of URL are extracted.(2)According to the extracted URL index vector,index weight and text vector,the BiLSTM-Attention algorithm based on non-weighted word embedding,BiLSTM-Attention algorithm based on powerful word embedding and BiLSTM-Attention algorithm based on text vector are respectively used for processing.Experimental results show that the training set and test set accuracy of BiLSTM-Attention algorithm based on non-weighted word embedding reach 93.24% and 92.93% respectively.The training set and test set accuracy of BiLSTM-Attention algorithm based on power word embedding reach 94.57% and 93.45% respectively.The accuracy of training set and test set of BiLSTM-Attention algorithm based on text vector can reach99.58% and 94.38% respectively.Since word embedding BiLSTM-Attention algorithm has large iteration fluctuation,long time consuming and low accuracy,BiLSTM-Attention algorithm based on text vector is selected as the method for further research.(3)BiLSTM-Attention host information improvement algorithm based on URL suffixes is obtained based on the characteristics of URL.The algorithm extracts the host and suffix of URL,uses Doc2 vec algorithm for text analysis and transformation respectively,and obtains the host text vector and suffix text vector of URL.BiLSTM-Attention algorithm combining two text vectors and using text vector,results show that the accuracy of training set and test set reaches 99.71% and 97.03% respectively,both better than the improved BiLSTM-Attention algorithm based on text vector.The research conclusion is as follows: The training set and test set accuracy of BiLSTM-Attention host information improvement algorithm based on URL suffixes are better than that of BiLSTM-Attention algorithm based on word embedding and text vector.Therefore,BiLSTM-Attention host information improvement algorithm based on URL suffixes is selected as the malicious URL recognition algorithm.
Keywords/Search Tags:URL, URL partition, Doc2vec, BiLSTM-Attention algorithm
Related items