Research on a Download Link Recognition Scheme Based on Feature Extraction

doi:10.3969/j.issn.1671-1122.2018.10.005

Abstract

Abstract:

Considering the characteristics that there are many fake download links in download websites, this paper proposes a download link recognition scheme DLRS based on the technology of feature extraction and machine learning in order to help users identify whether a download link is real and available or not. Thus it can prevent users from security threats caused by clicking on fake download links. Meanwhile, the scheme can also enable users to find real download links from many links embedded in advertising information, improving the efficiency of information download.In this paper, we use the method of scatter matrix to extract the features, and apply linear regression to establish the model. Finally, the gradient descent is adopted to find the optimal solution. The experience shows that DLRS performs well in terms of efficiency and accuracy, and has good promotional values.

Key words: feature extraction, machine learning, download link, security recognition

CLC Number:

TP309

Guihua DUAN, Zhuoxiang SHEN, Dongjie SHEN, Zhi LI. Research on a Download Link Recognition Scheme Based on Feature Extraction[J]. Netinfo Security, 2018, 18(10): 31-36.

Figures/Tables 8

References 18

[1]	National Internet Information Office. National Cyberspace Security Strategy[R]. Beijing: China Network Security and Information Leading Group, 2016.
	国家互联网信息办公室. 国家网络空间安全战略[R]. 北京:中央网络安全和信息化领导小组,2016.
[2]	iiMedia Research. Research Report on China's Network Security Market in the First Half of 2017[EB/OL]. .
	艾媒咨询.2017上半年中国网络安全市场研究报告[EB/OL]. .
[3]	ANONYMOUS. Download Link Where are You? Incomplete Evaluation on Inductive False Download Link[J]. PC Digest, 2010(9):3-6.
[4]	Wikipedia.Cryptocurrency[EB/OL]..
[5]	MA J, SAUL L K, SAVAGE S, et al.Identifying Suspicious URLs: An Application of Large-scale Online Learning[C]//ACM. Proceedings of the 26th International Conference on Machine Learning. June 14 - 18, 2009,Montreal, Quebec, Canada.New York:ACM,2009:681-688.
[6]	BILGE L, KIRDA E, KRUEGEL C, et al. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis[EB/OL]..
[7]	LIN Hailun, LI Yan, WANG Weiping, et al.Efficient Segment Pattern Based Method for Malicious URL Detection[J]. Journal on Communications, 2015, 36(S1):141-148.
	林海伦,李焱,王伟平,等. 高效的基于段模式的恶意URL检测方法[J]. 通信学报, 2015,36(S1):141-148.
[8]	Wikipedia. tf-idf[EB/OL]..
[9]	ZHANG Yue, HONG J I, CRANOR L F.Cantina: A Content-based Approach to Detecting Phishing Web Sites[C]//ACM.WWW '07 Proceedings of the 16th international conference on World Wide Web,May 8-12, 2007,Banff, Alberta, Canada .New York:ACM,2007:639-648.
[10]	XU Jie.Design and Testing of Malicious URL Real-Time Detecting System Working in the Mode of Cloud Security[D]. Beijing:Beijing University of Posts and Telecommunications, 2014.
	许杰. 云安全模式下恶意URL实时检测系统的设计与测试[D]. 北京:北京邮电大学, 2014.
[11]	PROVOS N, MAVROMMATIS P, et al.All Your iFrames Point to Us[C]//USENIX. Proceedings of the 17th Usenix Security Symposium,July 28 - August 1, 2008,San Jose, CA. Berkeley:USENIX,2008:1-16.
[12]	ZHOU Zhenfei, FANG Binxing, CUI Xiang, et al.A Method of Malicious Code Detection in WordPress Theme Based on Similarity Analysis[J]. Netinfo Security, 2017,17(12):47-53.
	周振飞,方滨兴,崔翔,等 . 基于相似性分析的 WordPress 主题恶意代码检测[J]. 信息网络安全,2017,17(12): 47-53.
[13]	CHEN Xu, LI Yukun, YUAN Huaping, et al.Phishing Detection System Based on Classification Confidence and Website Features[J]. Netinfo Security, 2017,17(9):111-114.
	陈旭,黎宇坤,袁华平,等. 基于分类置信度和网站特征的钓鱼检测系统[J]. 信息网络安全,2017,17(9):111-114.
[14]	MA J, SAUL L K, SAVAGE S, et al.Beyond Blacklist: Learning to Detect Malicious Web Site from Suspicious URLs[C]//ACM SIGKDD. International Conference on Knowledge Discovery & Data Mining, June 28-July 1, 2009, Paris, France. New York:ACM, 2009: 1245-1254.
[15]	LIU Jian, ZHAO Gang, ZHENG Yunpeng, Design and Implementation of a Multi-layer Filtering Detection Model for Malicious URL[J]. Netinfo Security, 2016,16(1) : 75-80.
	刘健,赵刚,郑运鹏. 恶意URL多层过滤检测模型的设计与实现[J]. 信息网络安全,2016,16,16(1):75-80.
[16]	THEODORIDIS S, KOUTROUMBAS K.Pattern Recognition Fourth Edition[M]. Netherlands:Elsevier Inc. , 2009.
[17]	GOODFELLOW I, BENGIO Y, COURVILLE A.Deep Learning[M]. US:MIT Press, 2016.
[18]	LVSE. A List of Software Download Websites[EB/OL]. .

特征1	域名中是否含有4个以上的连续数字
特征2	域名中是否含有特殊字（#,&,@,~,-,_）
特征3	顶级域名是否为五大域名（com,cn,net,org,cc）之一
特征4	域名中含“.”的个数
特征5	域名总长度
特征6	最长域名段长度

特征1	URL为IP地址
特征2	URL的资源类型为网页型
特征3	URL的资源大小小于2 MB
特征4	URL中存在嵌套域名
特征5	URL中“.”的个数超过5个
特征6	顶级域名位置怪异
特征7	URL中出现@字符
特征8	域名创建时间小于365天
特征9	URL指向的地址跨域

特征1	域名中是否含有4个以上的连续数字
特征2	域名中是否含有特殊字（#,&,@,~,-,_）
特征3	顶级域名是否为五大域名（com,cn,net,org,cc）之一
特征4	域名中含“.”的个数
特征5	域名总长度
特征6	最长域名段长度
特征7	URL的资源类型为网页型
特征8	URL的资源大小小于2 MB
特征9	URL中出现@字符
特征10	URL指向的地址跨域