Abdelkader El Mahdaouy, Salima Lamsiyah, Meryem Janati Idrissi, Hamza Alami, Zakaria Yartaoui, Ismail Berrada
{"title":"DomURLs_BERT: Pre-trained BERT-based Model for Malicious Domains and URLs Detection and Classification","authors":"Abdelkader El Mahdaouy, Salima Lamsiyah, Meryem Janati Idrissi, Hamza Alami, Zakaria Yartaoui, Ismail Berrada","doi":"arxiv-2409.09143","DOIUrl":null,"url":null,"abstract":"Detecting and classifying suspicious or malicious domain names and URLs is\nfundamental task in cybersecurity. To leverage such indicators of compromise,\ncybersecurity vendors and practitioners often maintain and update blacklists of\nknown malicious domains and URLs. However, blacklists frequently fail to\nidentify emerging and obfuscated threats. Over the past few decades, there has\nbeen significant interest in developing machine learning models that\nautomatically detect malicious domains and URLs, addressing the limitations of\nblacklists maintenance and updates. In this paper, we introduce DomURLs_BERT, a\npre-trained BERT-based encoder adapted for detecting and classifying\nsuspicious/malicious domains and URLs. DomURLs_BERT is pre-trained using the\nMasked Language Modeling (MLM) objective on a large multilingual corpus of\nURLs, domain names, and Domain Generation Algorithms (DGA) dataset. In order to\nassess the performance of DomURLs_BERT, we have conducted experiments on\nseveral binary and multi-class classification tasks involving domain names and\nURLs, covering phishing, malware, DGA, and DNS tunneling. The evaluations\nresults show that the proposed encoder outperforms state-of-the-art\ncharacter-based deep learning models and cybersecurity-focused BERT models\nacross multiple tasks and datasets. The pre-training dataset, the pre-trained\nDomURLs_BERT encoder, and the experiments source code are publicly available.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.09143","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Detecting and classifying suspicious or malicious domain names and URLs is
fundamental task in cybersecurity. To leverage such indicators of compromise,
cybersecurity vendors and practitioners often maintain and update blacklists of
known malicious domains and URLs. However, blacklists frequently fail to
identify emerging and obfuscated threats. Over the past few decades, there has
been significant interest in developing machine learning models that
automatically detect malicious domains and URLs, addressing the limitations of
blacklists maintenance and updates. In this paper, we introduce DomURLs_BERT, a
pre-trained BERT-based encoder adapted for detecting and classifying
suspicious/malicious domains and URLs. DomURLs_BERT is pre-trained using the
Masked Language Modeling (MLM) objective on a large multilingual corpus of
URLs, domain names, and Domain Generation Algorithms (DGA) dataset. In order to
assess the performance of DomURLs_BERT, we have conducted experiments on
several binary and multi-class classification tasks involving domain names and
URLs, covering phishing, malware, DGA, and DNS tunneling. The evaluations
results show that the proposed encoder outperforms state-of-the-art
character-based deep learning models and cybersecurity-focused BERT models
across multiple tasks and datasets. The pre-training dataset, the pre-trained
DomURLs_BERT encoder, and the experiments source code are publicly available.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
