信息网络安全 ›› 2016, Vol. 16 ›› Issue (1): 75-80.doi: 10.3969/j.issn.1671-1122.2016.01.014

• • 上一篇    下一篇

恶意URL多层过滤检测模型的设计与实现

刘健, 赵刚(), 郑运鹏   

  1. 北京信息科技大学信息管理学院,北京 100192
  • 收稿日期:2015-11-16 出版日期:2016-01-01 发布日期:2020-05-13
  • 作者简介:

    作者简介: 刘健(1991-),男,北京,硕士研究生,主要研究方向为机器学习与信息安全;赵刚(1965-),男,北京,副教授,博士,主要研究方向为人工智能与信息安全;郑运鹏(1992-),男,北京,硕士研究生,主要研究方向为大数据与物流规划。

  • 基金资助:
    基金项目: 国家社会科学基金重大项目子课题[14ZDB133];北京市自然科学基金[4132011]

Design and Implementation of a Multi-layer Filtering Detection Model for Malicious URL

Jian LIU, Gang ZHAO(), Yunpeng ZHENG   

  1. School of Information Management, Beijing Information Science & Technology University, Beijing 100192, China
  • Received:2015-11-16 Online:2016-01-01 Published:2020-05-13

摘要:

近年来,恶意网站危害到用户的方方面面,对恶意网站URL的检测越来越重要。目前对恶意URL的检测主要有黑白名单技术和机器学习分类算法,黑白名单技术对于没有标记集的URL无能为力,每种机器学习分类算法也有各自不擅长的数据。文章结合黑白名单技术和机器学习算法提出了恶意URL多级过滤检测模型,训练每层过滤器的阈值,过滤器达到阈值的能够直接对URL进行判定,否则过滤到下一层过滤器。本模型能够充分发挥不同分类器针对所擅长数据类型的作用。文章用实例验证了多级过滤检测模型能够提高URL检测的准确率。

关键词: 恶意URL, 黑白名单技术, 机器学习, 多层过滤模型

Abstract:

In recent years, as malicious websites harm to every aspect of the user, the detection of malicious web site URL is becoming increasingly important. At present, the detection of malicious URL mainly includes black and white list technology and machine learning classification algorithm.However, the black and white list technology can do nothing while the URL is not in list. And each machine learning classification algorithm has some data which it is not good at. In this paper, we propose a malicious URL multi-level filtering detection model. By training the threshold of each layer filter, the filter can directly determine the URL when it reaches the threshold. Otherwise, the filter leave the URL to next layer. Therefore, every classifier can deal with the data it is good at, this paper uses an example to verify that the model can improve the accuracy of URL detection.

Key words: malicious URL, black and white list technology, machine learning, multi-layer filtering model

中图分类号: