Using Linear Discriminant Analysis for Risk Score Estimation of Unified Resource Locators (URLs)

Articles in Press

Document Type : Original Article

Authors

1 Associate Professor, Shahid Sattari University of Aeronautical Sciences and Technology, Tehran, Iran

2 Assistant Professor, Shahid Sattari University of Aeronautical Sciences and Technology, Tehran, Iran

Abstract

Sending a malicious URL to a victim is the starting point for various types of malicious activities by attackers. Therefore, identifying malicious URLs plays a significant role in the security of Internet users. Recently, calculating the security risk of URLs instead of classifying them using machine learning-based models has received attention. This is because, on the one hand, it provides necessary warnings to users and, on the other hand, it does not have the problems of classification models. In this study, a new criterion based on linear discriminant analysis is proposed to estimate the security risk of URLs. In this criterion, previously known examples of normal and malicious URLs are mapped into a new space in which the security risk can be calculated more accurately. Although deep learning is not used in the proposed criterion and it requires little training data, it provides a realistic estimate of the security risk values of malicious and safe URLs. Experiments conducted on real datasets show that the proposed criterion outperforms the previously proposed criteria in terms of detection rate. The implementations carried out in this research, along with the datasets used in the experiments, are publicly available at https://github.com/mdeypir/LRU.

Keywords

Main Subjects

References

[1] P. S. Pakhare, S. Krishnan,  N. N. Charniya, “Malicious url detection using machine learning and ensemble modeling,” In Computer Networks, Big Data and IoT: Proceedings of ICCBI 2020, pp. 839-850, Springer Singapore, 2020, doi: https://doi.org/10.1007/978-981-16-0965-7_65
[2] C. Hajaj, N. Hason, and A. Dvir, “Less is more: Robust and novel features for malicious domain detection,” Electronics, vol. 11, no. 6, p. 969, 2022, https://doi.org/10.3390/electronics11060969.
[3] S. Kim, J. Kim, and B. B. Kang, “Malicious URL protection based on attackers' habitual behavioral analysis,” Computers & Security, vol. 77, pp. 790-806, 2018, https://doi.org/10.1016/j.cose.2018.01.013.
[4] A. S. Raja, G. Pradeepa, and N. Arulkumar, “Mudhr: Malicious URL detection using heuristic rules based approach,” In AIP Conference Proceedings, vol. 2393, no. 1, p. 020176, AIP Publishing LLC, 2022, https://doi.org/10.1063/5.0074077
[5] R. Madhubala, N. Rajesh, L. Shaheetha, and N. Arulkumar, “Survey on Malicious URL Detection Techniques,” In 2022 6th International Conference on Trends in Electronics and Informatics (ICOEI), pp. 778-781, IEEE, 2022, doi: 10.1109/ICOEI53556.2022.9777221.
[6] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, and S. Venkatraman, “Robust intelligent malware detection using deep learning,” IEEE Access, vol. 7, pp. 46717-46738, 2019, doi:10.1109/ACCESS.2019.2906934.
[7] Y. Liang, Q. Wang, K. Xiong, X. Zheng, Z. Yu, and D. Zeng, “Robust Detection of Malicious URLs With Self-Paced Wide & Deep Learning,” IEEE Transactions on Dependable and Secure Computing, vol. 19, no. 2, pp. 717-730, 2021, doi: 10.1109/TDSC.2021.3121388.
[8] R. Rakesh, S. Muthuraijkumar, L. Sairamesh, M. Vijayalakmi, and A. Kannan, “Detection of URL based attacks using reduced feature set and modified C4. 5 algorithm,” Adv. Nat. Appl. Sci, vol. 9, pp. 304-311, 2015.
[9] F. A. Ghaleb, M. Alsaedi, F. Saeed, J. Ahmad, and M. Alasli, “Cyber Threat Intelligence-Based Malicious URL Detection Model Using Ensemble Learning,” Sensors, vol. 22, no.9, p. 3373, 2022, doi: 10.3390/s22093373.
[10] S. He, B. Li, H. Peng, J. Xin, and E. Zhang, “An effective cost-sensitive XGBoost method for malicious URLs detection in imbalanced dataset,” IEEE Access, vol. 9, pp. 93089-93096, 2021, doi: 10.1109/access.2021.3093094.
[11] R. Patgiri, H. Katari, R. Kumar, and D. Sharma, “Empirical study on malicious URL detection using machine learning,” In International Conference on Distributed Computing and Internet Technology, pp. 380-388, Springer, Cham, 2019, https://doi.org/10.1007/978-3-030-05366-6_31.
[12] J. Chen, Z. Hu, and Z. Qian, “Research on malicious URL detection based on random forest,” In 2022 14th International Conference on Computer Research and Development (ICCRD), pp. 30-36, IEEE, 2022, January, doi: 10.1109/iccrd54409.2022.9730451.
[13] C. Ding, “Automatic detection of malicious urls using fine-tuned classification model,” In 2020 5th International Conference on Information Science, Computer Technology and Transportation (ISCTT), pp. 302-320, IEEE, 2020, doi: 10.1109/ISCTT51595.2020.00060.
[14] R. Vinayakumar, K. P. Soman, and P. Poornachandran, “Evaluating deep learning approaches to characterize and classify malicious URL’s,” Journal of Intelligent & Fuzzy Systems, vol. 34(3), pp. 1333-1343, 2018, DOI:10.3233/JIFS-169429.
[15] J. Yuan, Y. Liu, and L. Yu, “A novel approach for malicious url detection based on the joint model,” Security and Communication Networks, p.4917016, 2021, https://doi.org/10.1155/2021/4917016.
[16] P. L. Indrasiri, M. N. Halgamuge, and A. Mohammad, “Robust Ensemble Machine Learning Model for Filtering Phishing URLs: Expandable Random Gradient Stacked Voting Classifier,” (ERG-SVC). IEEE Access, vol. 9, pp. 150142-150161, 2021, doi: 10.1109/access.2021.3124628.
[17] D. R. Patil, and J. B. Patil, “Malicious URLs detection using decision tree classifiers and majority voting technique,” Cybernetics and Information Technologies, vol. 18, no. 1, pp. 11-29, 2018, doi:10.2478/cait-2018-0002.
[18] D. K. Mondal, B. C. Singh, H. Hu, S. Biswas, Z. Alom, and M. A. Azim, “SeizeMaliciousURL: A novel learning approach to detect malicious URLs,” Journal of Information Security and Applications, vol. 62, 102967, 2021, https://doi.org/10.1016/j.jisa.2021.102967.
[19] A. Shahidinejad, M. Torabi, “Detection and Prevention of SQL Injection Attacks at Runtime Using Decision Tree Classification,” Electronic and Cyber Defense, vol. 8, no. 4, pp. 75-93, 2021,  (in persian).dor: 20.1001.1.23224347.1399.8.4.7.3
[20] M. Maghale, M. Bagheri, “Detection of the Remote Code Execution Attacks Using the PHP Web Application Intrusion Detection System,” Electronic and Cyber Defense, vol. 10, no. 2, pp. 75-85, 2022.  (in persian).dor: 20.1001.1.23224347.1401.10.2.7.3
[21] V. Yadegari, and A. R. Matinfar, “Detect Web Denial of Service Attacks Using Entropy and Support Vector Machine Algorithm,” Electronic and Cyber Defense, vol. 6, no. 4, pp. 79-89, 2019,  (in persian).dor: 20.1001.1.23224347.1397.6.4.7.9
[22] M. Fathian, A. M. Abdollahi, and H. Dehghani, “Modeling Browsing Behavior Analysis for Malicious Robot Detection in Distributed Denial of Service Attacks,” Electronic and Cyber Defense, vol. 4, no. 2, pp. 1-13, 2016.  (in persian).dor: 20.1001.1.23224347.1395.4.2.1.5 
[23] X. Lyu, Y. Ding, S. H. Yang, “Safety and security risk assessment in cyber‐physical systems,” IET Cyber‐Physical Systems: Theory & Applications, vol. 4, no. 3, pp. 221-232, 2019, https://doi.org/10.1049/iet-cps.2018.5068.
[24] C. S. Gates, N. Li, H. Peng, B. Sarma, Y. Qi, R. Potharaju, C. Nita-Rotaru, and I. Molloy, “Generating summary risk scores for mobile applications,” IEEE Transactions on dependable and secure computing, vol. 11, no. 3, pp. 238-251, 2014, doi: 10.1109/tdsc.2014.2302293.  
[25] M. Deypir, “Estimating Security Risks of Android Apps Using Information Gain,” Electronic and Cyber Defense, vol. 5, no. 1, pp. 73-83, 2017. (in persian).
[26] M. Deypir, “Presenting A Method Based on Nearest Neighbors and Hamming Distance in Order to Identify Malicious Applications,” Scientific Journal of Electronical & Cyber Defence, vol. 11, no. 2, 2023,  (in persian).dor: 20.1001.1.23224347.1402.11.2.7.0.
[27] M. Deypir, and A. Horri, “Instance based security risk value estimation for Android applications,” Journal of information security and applications, vol. 40, pp. 20-30, 2018, https://doi.org/10.1016/j.jisa.2018.02.002.
[28] M. Deypir, “Entropy-based security risk measurement for Android mobile applications,” Soft Computing,” vol. 23, no. 16, pp. 7303-7319, 2019, https://doi.org/10.1007/s00500-018-3377-5.
[29] A. S. Raja, R. Vinodini, and A. Kavitha, “Lexical features based malicious URL detection using machine learning techniques,” Materials Today: Proceedings, vol. 47, pp. 163-166, 2021, https://doi.org/10.1016/j.matpr.2021.04.041.
[30] M. Kuyama, Y. Kakizaki, R. Sasaki, “Method for detecting a malicious domain by using whois and dns features,” In Proceedings of the Third International Conference on Digital Security and Forensics (DigitalSec2016), Kuala Lumpur, Malaysia, pp. 6–8, 2016.
[31] M. S. I. Mamun, M. A. Rathore, A. H. Lashkari,  N. Stakhanova, and A. A. Ghorbani, “Detecting malicious urls using lexical analysis,” In International Conference on Network and System Security, pp. 467-482. Springer, Cham, 2016, doi:10.1007/978-3-319-46298-1_30.
[32] T. Li, G. Kou, and Y. Peng, “Improving malicious URLs detection via feature engineering: Linear and nonlinear space transformation methods,” Information Systems, vol. 91, 101494, 2020, https://doi.org/10.1016/j.is.2020.101494.
[33] G. Palaniappan, S. Sangeetha, B. Rajendran, S. Goyal, and B. S. Bindhumadhava, “Malicious domain detection using machine learning on domain name features, host-based features and web-based features,” Procedia Computer Science, vol. 171, pp. 654-661, 2020, https://doi.org/10.1016/j.procs.2020.04.071.
[34] K. A. Messabi, M. Aldwairi, A. A. Yousif, A. Thoban, and F. Belqasmi, “Malware detection using dns records and domain name features,” In Proceedings of the 2nd International Conference on Future Networks and Distributed Systems, pp. 1-7, 2018, doi:10.1145/3231053.3231082.
[35] W. Bo, Z. B. Fang, L. X. Wei, Z. F. Cheng, Z. X. Hua, “Malicious URLs detection based on a novel optimization algorithm,” IEICE TRANSACTIONS on Information and Systems, vol. 104(4), pp. 513-516, 2021, doi: 10.1587/transinf.2020EDL8147.
[36] J. Yuan, G. Chen, S. Tian, and X.  Pei, “Malicious URL detection based on a parallel neural joint model,” IEEE Access, vol. 9, pp. 9464-9472, 2021, doi:10.1109/access.2021.3049625.
[37] S. He, B. Li, H. Peng, J. Xin, and E. Zhang, “An effective cost-sensitive XGBoost method for malicious URLs detection in imbalanced dataset,” IEEE Access, vol. 9, pp. 93089-93096, 2021, doi:10.1109/access.2021.3093094. 
[38] S. Kumi, C. Lim, S. G. Lee, “Malicious url detection based on associative classification,” Entropy, vol 23(2), p. 182, 2021, doi: 10.3390/e23020182.
[39] Z. Chen, Y. Liu, C. Chen, M. Lu, and X. Zhang, “Malicious url detection based on improved multilayer recurrent convolutional neural network model,” Security and Communication networks, no. 1, p.9994127, 2021, https://doi.org/10.1155/2021/9994127.
[40] R. Patgiri, A. Biswas, S. Nayak, “deepBF: Malicious URL detection using learned bloom filter and evolutionary deep learning. Computer Communications,” vol. 200, pp. 30-41, 2023, https://doi.org/10.1016/j.comcom.2022.12.027.
[41] Broadcom, “URL Risk Levels,” https://knowledge.broadcom.com/external/article/175589/url-risk-levels.html
[42] Github, “Google Web Risk,” https://github.com/google/webrisk.
[43] M. Deypir, T. Zoughi, “Novel Security Metrics for Identifying Risky Unified Resource Locators (URLs),” Iranian Journal of Science and Technology, Transactions of Electrical Engineering, pp. 1-19, 2024, doi: 10.1007/s40998-023-00690-x.
[44] A.Tharwat, T. Gaber, A. Ibrahim, A. E. Hassanien, “Linear discriminant analysis: A detailed tutorial,” AI communications, vol. 30, no. 2, pp. 169-190, 2017, doi: 10.3233/aic-170729.
[45] Kaggle, “Malicious URL Detection using MLP,”  https://www.kaggle.com/code/ashisharya01/malicious-url-detection-using-mlp-99-6-accuracy/data?select=urldata.csv
[46] R. van Rijswijk-Deij, M. Jonker, A. Sperotto, and A. Pras, “A high-performance, scalable infrastructure for large-scale active DNS measurements,” IEEE journal on selected areas in communications, vol. 34, no. 6, pp. 1877-1888, 2016, doi: 10.1109/jsac.2016.2558918.
[46] L. Qu, Y. Pei, “A Comprehensive Review on Discriminant Analysis for Addressing Challenges of Class-Level Limitations, Small Sample Size, and Robustness,” Processes, vol. 12, no. 7, p. 1382, 2024, https://doi.org/10.3390/pr12071382.
Electronic and Cyber Defense

Articles in Press, Accepted Manuscript
Available Online from 27 May 2025

Files

History

  • Receive Date: 01 February 2025
  • Revise Date: 26 March 2025
  • Accept Date: 24 May 2025
  • Publish Date: 27 May 2025

Share

How to cite

Statistics