Generation of malicious webpage samples based on GAN

Abstract

Machine learning needs a large amount of labeled data to train classifiers. However, it's hard to collect malicious web samples because of the short survival times and changeable attack means. In this paper, we propose Web Feature Samples Generative Adversarial Network (WFS-GAN) to generate malicious webpage feature samples. In the proposed scheme, the 48 features are extracted from relatively small number of real malicious webpages, and then convert them into webpage feature vectors. The WFS-GAN is trained by these feature vectors to get a generator which can generate webpage feature samples. Then, the classifier is trained to identify malicious webpages by webpage feature samples generated by the WFS-GAN. The WFS-GAN is based on the CGAN, and the conditional information is webpage's class label. Especially, there are four discriminators in the WFS-GAN, one is global discriminator and the other three are feature discriminators. The global discriminator determines the authenticity of the whole samples to control the quality of the whole generated samples, while each feature discriminator determines the authenticity of the specific feature data of the samples to make the generated samples detailed. The experimental results show that the feature samples generated by the WFS-GAN can be used to train malicious webpage classifier, and the quality of the feature samples generated by the WFS-GAN is better than CGAN and CVAE.