Skip to main content
SpringerLink
Log in

A Deep Learning Based Online Malicious URL and DNS Detection Scheme

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2017)

Abstract

URL and DNS are two common attack vectors in malicious network activities; thus, detection for malicious URL and DNS is crucial in network security. In this paper, we propose an online detection scheme based on character-level deep neural networks. Specifically, this scheme maps the URL and DNS strings into vector form using some natural language processing methods. The CNN (Convolutional Neural Network) network framework is then designed to automatically extract the malicious features and train the classifying model. Experimental results on real-world URL and DNS datasets show that proposed method outperforms several state-of-art baseline methods, in terms of efficiency and scalability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 109.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 143.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Choo, K.-K.R.: A conceptual interdisciplinary plug-and-play cyber security framework. In: Kaur, H., Tao, X. (eds.) ICTs and the Millennium Development Goals, pp. 81–99. Springer, Boston (2014). https://doi.org/10.1007/978-1-4899-7439-6_6

    Chapter  Google Scholar 

  2. Choo, K.-K.R., Grabosky, P.: CyberCrime. In: The Oxford Handbook of Organized Crime. Oxford University Press, Oxford, 24 Oct 2014

    Google Scholar 

  3. https://docs.apwg.org/reports/apwg_trends_report_q4_2016.pdf

  4. Prokhorenko, V., Choo, K.-K.R., Ashman, H.: Web application protection techniques: a taxonomy. J. Netw. Comput. Appl. 60, 95–112 (2016)

    Article  Google Scholar 

  5. Provos, N., et al.: All your iFRAMEs point to Us. In: Conference on Security Symposium USENIX Association, pp. 1–15 (2008)

    Google Scholar 

  6. McGrath, D.K., Gupta, M.: Behind phishing: an examination of phisher modi operandi. In: Usenix Workshop on Large-Scale Exploits and Emergent Threats, 15 April 2008, San Francisco, CA, USA, Proceedings DBLP (2008)

    Google Scholar 

  7. Yadav, S., et al.: Detecting algorithmically generated malicious domain names. In: ACM SIGCOMM Conference on Internet Measurement 2010, Melbourne, Australia, November DBLP, pp. 48–61 (2010)

    Google Scholar 

  8. Ma, J., et al.: Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Paris, France, 28 June – July DBLP, pp. 1245–1254 (2009)

    Google Scholar 

  9. Yen, T.F., et al.: Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks. In: Computer Security Applications Conference, pp. 199–208 (2013)

    Google Scholar 

  10. Huang, D., Xu, K., Pei, J.: Malicious URL detection by dynamically mining patterns without pre-defined elements. World Wide Web 17(6), 1375–1394 (2014)

    Article  Google Scholar 

  11. Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: International Conference on Neural Information Processing Systems Curran Associates Inc., pp. 1097–1105 (2012)

    Google Scholar 

  12. Ouyang, W., et al.: DeepID-Net: deformable deep convolutional neural networks for object detection. IEEE Trans. Pattern Anal. Mach. Intell. pp(99), 1 (2016)

    Google Scholar 

  13. Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. In: International Conference on Neural Information Processing Systems, pp. 3104–3112. MIT Press (2014)

    Google Scholar 

  14. Zhang, X., Zhao, J., Lecun, Y.: Character-level convolutional networks for text classification. In: International Conference on Neural Information Processing Systems, pp. 649–657. MIT Press (2015)

    Google Scholar 

Download references

Acknowledgment

This work is supported by National Natural Science Foundation of China (No. 61173008, 61402124), Strategic Pilot Technology Chinese Academy of Sciences (No. XDA06010703) and Key Lab of Information Network Security, Ministry of Public Security (No. C17614).

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Jianguo Jiang, Jiuming Chen, Chao Liu, Kunying Liu & Min Yu

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Jiuming Chen & Min Yu

  3. Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  4. Key Laboratory of Information Network Security of Ministry of Public Security, The Third Research Institute of Ministry of Public Security, Shanghai, China

    Yongjian Wang

Authors
  1. Jianguo Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jiuming Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kim-Kwang Raymond Choo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kunying Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Min Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Yongjian Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Min Yu or Yongjian Wang .

Editor information

Editors and Affiliations

  1. Wilfrid Laurier University, Waterloo, Ontario, Canada

    Xiaodong Lin

  2. University of New Brunswick, Fredericton, New Brunswick, Canada

    Ali Ghorbani

  3. University at Buffalo, Buffalo, New York, USA

    Kui Ren

  4. Pennsylvania State University, Philadelphia, Pennsylvania, USA

    Sencun Zhu

  5. Anhui Normal University, Wuhu, China

    Aiqing Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Jiang, J. et al. (2018). A Deep Learning Based Online Malicious URL and DNS Detection Scheme. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 238. Springer, Cham. https://doi.org/10.1007/978-3-319-78813-5_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-78813-5_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-78812-8

  • Online ISBN: 978-3-319-78813-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation