
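Study on Malicious URL Detection Based on Threat Intelligence Platform
Cite this article: WANG Xin, WU Yang, LU Zhi-gang. Study on Malicious URL Detection Based on Threat Intelligence Platform[J]. Computer Science, 2018, 45(3): 124-130, 170.
Authors: WANG Xin, WU Yang, LU Zhi-gang
Affiliations: Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; School of Network Security, University of Chinese Academy of Sciences, Beijing 100093; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
Funding: This work was supported by a Chinese Academy of Sciences fund project (Y5X0071116), the Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, and the Beijing Key Laboratory of Network Security and Protection Technology.
Abstract: Internet applications have permeated every aspect of daily life, and malicious URLs are hard to guard against, posing a serious threat to people's property and privacy. The current mainstream defenses rely mainly on blacklist mechanisms, which have difficulty detecting URLs outside the blacklist. Introducing machine learning to improve malicious URL detection is therefore a major research direction, but it is limited mainly by the short-text nature of URLs, which leads to a narrow set of extracted features and thus poor detection performance. To address these challenges, a malicious URL detection system based on a threat intelligence platform was designed. The system extracts three classes of features from the URL string (structural features, intelligence features and sensitive-word features) to train classifiers, then uses a multi-classifier voting mechanism to determine the class, and implements automatic updating of threat intelligence. Experimental results show that the method's accuracy in detecting malicious URLs reaches over 96%.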

Keywords: Malicious URL; Threat intelligence; Classifier; Voting mechanism
Received: 2016/12/17 0:00:00
Revised: 2017/2/6 0:00:00

Study on Malicious URL Detection Based on Threat Intelligence Platform
WANG Xin, WU Yang and LU Zhi-gang. Study on Malicious URL Detection Based on Threat Intelligence Platform[J]. Computer Science, 2018, 45(3): 124-130, 170.
Authors: WANG Xin, WU Yang and LU Zhi-gang
Affiliation: Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Network Security, University of Chinese Academy of Sciences, Beijing 100093, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; and Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Abstract: With the Internet penetrating into daily life, it is hard to prevent ubiquitous malicious URLs, which seriously threaten people's property and privacy. The traditional method of detecting malicious URLs relies on a blacklist mechanism, but it can do nothing about malicious URLs that are not in the list. Therefore, one of the fundamental directions is to bring in machine learning to optimize malicious URL detection. However, the results of most existing solutions are not satisfying, because the short-text characteristics of a URL mean that only a single kind of feature is extracted. To address the problems above, this paper designed a novel system to detect malicious URLs based on a threat intelligence platform. The system extracts structural features, intelligence features and sensitive lexical features to train classifiers. Next, a voting mechanism over the results of multiple classifiers is used to determine the type of a URL. Finally, the threat intelligence can be updated automatically. The experimental results show that the method has a good detection effect on malicious URLs and is capable of achieving classification accuracy up to 96%.
Keywords: Malicious URL; Threat intelligence; Classifier; Voting mechanism