
Using Linear Discriminant Analysis for Risk Score Estimation of Unified Resource Locators (URLs)
Persian title (translated): Estimating the Security Risk of Internet Addresses Using Linear Discriminant Analysis
Journal: Electronic and Cyber Defense (پدافند الکترونیکی و سایبری)
Articles in Press, Accepted Manuscript, Available Online from 06 Khordad 1404
Article type: Research article
Authors
Mahmood Deypir* 1; Khodadad Halili 2
1 Associate Professor, Shahid Sattari University of Aeronautical Sciences and Technology, Tehran, Iran
2 Assistant Professor, Shahid Sattari University of Aeronautical Sciences and Technology, Tehran, Iran
Received: 13 Bahman 1403; Revised: 06 Farvardin 1404; Accepted: 03 Khordad 1404
Abstract
Sending a malicious URL to a victim is the starting point for various types of malicious activities by attackers. Therefore, identifying malicious URLs plays a significant role in the security of Internet users. Recently, calculating the security risk of URLs instead of classifying them using machine learning-based models has received attention. This is because, on the one hand, it provides necessary warnings to users and, on the other hand, it does not have the problems of classification models. In this study, a new criterion based on linear discriminant analysis is proposed to estimate the security risk of URLs. In this criterion, previously known examples of normal and malicious URLs are mapped into a new space in which the security risk can be calculated more accurately. Although deep learning is not used in the proposed criterion and it requires little training data, it provides a realistic estimate of the security risk values of malicious and safe URLs. Experiments conducted on real datasets show that the proposed criterion outperforms the previously proposed criteria in terms of detection rate. The implementations carried out in this research, along with the datasets used in the experiments, are publicly available at https://github.com/mdeypir/LRU.
Keywords
Linear discriminant analysis; Malicious URLs; Security risk; Textual feature
Subjects
Cyberspace vulnerabilities and threats