In recent years, malicious URLs have become significant conduits for conducting cyber attacks, phishing, and fraudulent activities. As attack methods evolve, malicious URLs exhibit new characteristics to circumvent existing detection mechanisms. This paper collected approximately 1.5 million malicious URLs released by mainstream security websites in recent years and conducted a statistical analysis on their features. In response to the inherent characteristics of URLs composed of characters lacking clear semantic meaning and distinct delimiters, we introduce tokenizing methods better suited for URL corpora and propose a pre-training task tailored to these characteristics. Addressing the emerging feature of similarity among malicious URLs generated in bulk, we propose an additional pre-training task aimed at capturing the mutual relationships among malicious URLs. Building on this, we propose URLs-BERT, a BERT-based pre-trained language model for detecting malicious URLs. Experimental results demonstrate that the model achieves a 99.80% accuracy rate on binary classification tasks of malicious URLs and a 99.83% accuracy rate on multi-classification tasks. Furthermore, the model’s generalization performance has been validated on website category classification tasks, surpassing existing baseline methods. Its lightweight fine-tuning allows for rapid deployment in novel malicious URL detection scenarios.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Large-Scale Pretrained Model for Malicious URL Detection

  • Cong Fu,
  • Dong Guo,
  • Zichen Qi,
  • Jinze Li,
  • Bing Li,
  • Xiangyu Meng

摘要

In recent years, malicious URLs have become significant conduits for conducting cyber attacks, phishing, and fraudulent activities. As attack methods evolve, malicious URLs exhibit new characteristics to circumvent existing detection mechanisms. This paper collected approximately 1.5 million malicious URLs released by mainstream security websites in recent years and conducted a statistical analysis on their features. In response to the inherent characteristics of URLs composed of characters lacking clear semantic meaning and distinct delimiters, we introduce tokenizing methods better suited for URL corpora and propose a pre-training task tailored to these characteristics. Addressing the emerging feature of similarity among malicious URLs generated in bulk, we propose an additional pre-training task aimed at capturing the mutual relationships among malicious URLs. Building on this, we propose URLs-BERT, a BERT-based pre-trained language model for detecting malicious URLs. Experimental results demonstrate that the model achieves a 99.80% accuracy rate on binary classification tasks of malicious URLs and a 99.83% accuracy rate on multi-classification tasks. Furthermore, the model’s generalization performance has been validated on website category classification tasks, surpassing existing baseline methods. Its lightweight fine-tuning allows for rapid deployment in novel malicious URL detection scenarios.