[1]卜佑军,张桥,陈博,等.基于 CNN 和 BiLSTM 的钓鱼 URL 检测技术研究[J].郑州大学学报(工学版),2021,42(6):15-21.[doi:10.13705/j.issn.1671-6833.2021.04.022]
 BU Youjun,ZHANG Qiao,CHEN Bo,et al.Research on Phishing URL Detection Technology Based on CNN-BiLSTM[J].Journal of Zhengzhou University (Engineering Science),2021,42(6):15-21.[doi:10.13705/j.issn.1671-6833.2021.04.022]
点击复制

基于 CNN 和 BiLSTM 的钓鱼 URL 检测技术研究
()
分享到:

《郑州大学学报(工学版)》[ISSN:1671-6833/CN:41-1339/T]

卷:
42
期数:
2021年6期
页码:
15-21
栏目:
出版日期:
2021-11-10

文章信息/Info

Title:
Research on Phishing URL Detection Technology Based on CNN-BiLSTM
作者:
卜佑军1,张桥1,2陈博1,张稣荣1,王方玉2
1.中国人民解放军战略支援部队信息工程大学,河南 郑州 450001; 2.郑州大学 中原网络安全研究院,河南 郑州 450001
Author(s):
BU Youjun1, ZHANG Qiao1,2, CHEN Bo1, ZHANG Surong1, WANG Fangyu2
1.PLA Strategic Support Force Information Engineering University Zhengzhou 450001 China ; 2.Zhongyuan Network Security Research Institute Zhengzhou University Zhengzhou 450001 China
关键词:
Keywords:
phishing URL URL segmentation CNN BiLSTM
DOI:
10.13705/j.issn.1671-6833.2021.04.022
文献标志码:
A
摘要:
为了解决日益严峻的网络钓鱼问题,提出一种基于卷积神经网络( CNN) 和双向长短记忆网络( BiLSTM) 的钓鱼 URL 检测方法 CNN-BiLSTM。该方法首先基于敏感词分词的方法对 URL 分词,根据特殊字符和敏感词对 URL 进行单词级别划分,对其中的非敏感词进行字符级别划分,以获取特殊字符和敏感词的有效信息,提升利用 URL 数据信息的程度; 然后将分词后的 URL 输入到 CNN 和 BiLSTM 中,通过 CNN 获取 URL 的空间局部特征,通过 BiLSTM 获取 URL 的双向长距离依赖特征,基于自动提取的特征检测钓鱼网页。实验结果表明: 基于 CNN 和 BiLSTM 的钓鱼 URL 检测方法能够达到较好的检测效果,其准确率达到了 98. 84%,精确率达到了 99. 71%,召回率达到了 98. 04%,F1 值达到了 98. 86%。此方法相对于传统的机器学习和黑名单检测方法,无须人工提取特征且能识别新出现的钓鱼网页。

Abstract:
In order to solve the increasingly serious problem of phishing, a phishing URL detection method based on convolution neural network (CNN) and bi-directional long short termmemory (BiLSTM) was proposed.This method first classified the URL based on the sensitive word segmentation method; classified the URL according to the special characters and sensitive words; and classified the non-sensitive words in the character level, so as to obtain the effective information of the special characters and sensitive words, and improve the use of URL data information. Then the segmented URL was input into CNN and BiLSTM, to obtain the spatial local features of the URL through CNN, to obtain the bidirectional long-distance dependent features of the URL through BiLSTM, and to detect phishing webpages based on the automatically extracted features.Compared with traditional machine learning and blacklist detection methods. Experimental results showed that the phishing URL detection method based on CNN and BiLSTM could achieve better detection results, the accuracy rate was 98.84%, the precision rate was 99.71%, the recall rate was 98.04%, and the F1 value was 98.86%. This method did not require manual feature extraction and could identify newly emerging phishing webpages.

参考文献/References:

[1] 中国互联网络信息中心.第45次中国互联网络发展状况统计报告[R/OL].(2017-02-17)[2020-03-25].http://www.cnnic.cn/gywm/xwzx/rdxw/20172017_7057/202004/t20200427_70973.htm.

[2] 中国反钓鱼网站联盟.2020年8月钓鱼网站处理简报[EB/OL].(2020-03-20)[2020-10-08].http://www.apac.cn/gzdt/202003/P020200320392664104846.pdf.[3] CANALI D,COVA M,VIGNA G,et al.Prophiler:a fast filter for the large-scale detection of malicious web pages[C]//Proceedings of the 20th International Conference on World Wide Web-WWW′11.New York:ACM,2011:197-206.
[4] THOMAS K,GRIER C,MA J,et al.Design and evaluation of a real-time URL spam filtering service[C]//2011 IEEE Symposium on Security and Privacy.Pisca-taway:IEEE,2011:447-462.
[5] SHENG S,WARDMAN B,WARNER G,et al.An empirical analysis of phishing blacklists[EB/OL].(2009-01-01)[2020-04-08].http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.165.520.
[6] ALEROUD A,ZHOU L N.Phishing environments,techniques,and countermeasures:a survey[J].Computers & security,2017,68:160-196.
[7] LIU G,QIU B T,WENYIN L.Automatic detection of phishing target from phishing webpage[C]//20th International Conference on Pattern Recognition.Pisca-taway:IEEE,2010:4153-4156.
[8] MA J,SAUL L K,SAVAGE S,et al.Beyond blacklists:learning to detect malicious web sites from suspicious URLs[C]//Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining-KDD′09.New York:ACM,2009:681-688.
[9] 沙泓州,刘庆云,柳厅文,等.恶意网页识别研究综述[J].计算机学报,2016,39(3):529-542.
[10] KIM Y.Convolutional neural networks for sentence classification[C]//Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP).Doha:Association for Computational Linguistics,2014:1746-1751.
[11] ZHANG M,XU B Y,BAI S,et al.A deep learning method to detect web attacks using a specially designed CNN[C]//Neural Information Processing.Berlin:Springer,2017:828-836.
[12] CUI J P, LIU M, HU J W. Malicious web request detection technology based on CNN [J]. Computer science,2020,47(2): 281-286.
[13] YU B,PAN J,HU J M,et al.Character level based detection of DGA domain names[C]//2018 International Joint Conference on Neural Networks (IJCNN).Piscataway:IEEE,2018:1-8.

更新日期/Last Update: 2021-12-17