Nowadays, with the rapid growth of cyber threats, machine learning models are widely used to detect and identify malicious network activities, such as illegal web requests and network anomalies. Effective URL embeddings are essential for improving the performance of these detection models. However, traditional URL embedding methods often consider URLs as a single entity, overlooking the relationships and semantic structures among characters, and limiting models’ learning capability. To address these limitations, we propose a novel URL embedding framework called Bag-of-Characters (BoC). BoC employs the Multiple Instance Learning (MIL) paradigm and treats each URL as a collection of character instances. We convert each character into a low-dimensional vector and incorporate positional encoding to generate semantically rich character representations. After that, we combine these character vectors using MIL algorithms to create a fixed-length URL embedding, preventing the loss of semantic information that could happen with conventional truncation or padding techniques. We conduct experiments on multiple public datasets, and the results show that our proposed method significantly outperforms existing baseline methods in terms of accuracy and robustness for tasks such as malicious web request detection. We make our code publicly available at https://github.com/chiachen-chang/mil_urlembedding .

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Bag-of-Characters: A Multiple Instance Learning Framework for URL Embedding in Web Security

  • Jiachen Zhang,
  • He Yang,
  • Yueming Lu,
  • Daoqi Han,
  • Gang Jin

摘要

Nowadays, with the rapid growth of cyber threats, machine learning models are widely used to detect and identify malicious network activities, such as illegal web requests and network anomalies. Effective URL embeddings are essential for improving the performance of these detection models. However, traditional URL embedding methods often consider URLs as a single entity, overlooking the relationships and semantic structures among characters, and limiting models’ learning capability. To address these limitations, we propose a novel URL embedding framework called Bag-of-Characters (BoC). BoC employs the Multiple Instance Learning (MIL) paradigm and treats each URL as a collection of character instances. We convert each character into a low-dimensional vector and incorporate positional encoding to generate semantically rich character representations. After that, we combine these character vectors using MIL algorithms to create a fixed-length URL embedding, preventing the loss of semantic information that could happen with conventional truncation or padding techniques. We conduct experiments on multiple public datasets, and the results show that our proposed method significantly outperforms existing baseline methods in terms of accuracy and robustness for tasks such as malicious web request detection. We make our code publicly available at https://github.com/chiachen-chang/mil_urlembedding .