M. Olalere, Mohd Taufik Abdullah, R. Mahmod, Azizol Abdullah
Published in: 2016 International Conference on Computer and Communication Engineering (ICCCE), 2016-07-01. DOI: 10.1109/ICCCE.2016.31 (https://doi.org/10.1109/ICCCE.2016.31). Citation count: 11. Source: Semantic Scholar.
Identification and Evaluation of Discriminative Lexical Features of Malware URL for Real-Time Classification
This study identifies and evaluates discriminative lexical features of malware URLs for real-time malware URL classification. The lexical features of malware URLs are first identified from existing blacklisted malware URLs through manual examination. Feature identification is followed by an empirical analysis of the prevalence of these features in newly collected malware URLs. Our empirical analysis revealed that attackers follow the same pattern in crafting malware URLs. To evaluate the performance and effectiveness of these features, we applied a Support Vector Machine (SVM) classification algorithm to a dataset comprising benign and malware URLs. By applying the WEKA data mining tool on our trained dataset, an accuracy of 96.95% was achieved, with a low False Negative Rate (FNR) of 0.018 and a moderate False Positive Rate (FPR) of 0.046.