<p>Detecting and classifying suspicious or malicious domain names and URLs is a fundamental task in cybersecurity. To leverage such indicators of compromise, cybersecurity vendors and practitioners often maintain and update blacklists of known malicious domains and URLs. However, blacklists frequently fail to identify emerging and obfuscated threats. Over the past few decades, there has been significant interest in developing machine learning models that automatically detect malicious domains and URLs, addressing the limitations of blacklist maintenance and updates. In this paper, we introduce DomURLs_BERT, a pre-trained BERT-based encoder adapted for encoding domain names and URLs. DomURLs_BERT is pre-trained using the masked language modeling objective on a large multilingual corpus of URLs, domain names, and domain generation algorithms (DGA) dataset. We fine-tune DomURLs_BERT on several binary and multi-class classification tasks involving domain names and URLs, covering phishing, malware, DGA, and DNS tunneling. The evaluation results show that the proposed encoder outperforms state-of-the-art character-based deep learning models and cybersecurity-focused BERT models across multiple classification tasks and datasets, achieving accuracies of 99.11%, 98.80%, 98.98%, 98.51%, 100%, and 99.80% for binary classification on the UMUDGA, UTL_DGA, DNS Tunneling, Grambedding, LNU_Phish, and PhiUSIIL datasets, respectively. The pre-training dataset, DomURLs_BERT encoder, and source code for experiments are publicly available at <a href="https://github.com/AbdelkaderMH/DomURLs_BERT">https://github.com/AbdelkaderMH/DomURLs_BERT</a>.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

DomURLs_BERT: Pre-trained BERT-based Model for Malicious Domains and URLs Detection and Classification

  • Abdelkader El Mahdaouy,
  • Salima Lamsiyah,
  • Meryem Janati Idrissi,
  • Hamza Alami,
  • Zakaria Yartaoui,
  • Ismail Berrada

摘要

Detecting and classifying suspicious or malicious domain names and URLs is a fundamental task in cybersecurity. To leverage such indicators of compromise, cybersecurity vendors and practitioners often maintain and update blacklists of known malicious domains and URLs. However, blacklists frequently fail to identify emerging and obfuscated threats. Over the past few decades, there has been significant interest in developing machine learning models that automatically detect malicious domains and URLs, addressing the limitations of blacklist maintenance and updates. In this paper, we introduce DomURLs_BERT, a pre-trained BERT-based encoder adapted for encoding domain names and URLs. DomURLs_BERT is pre-trained using the masked language modeling objective on a large multilingual corpus of URLs, domain names, and domain generation algorithms (DGA) dataset. We fine-tune DomURLs_BERT on several binary and multi-class classification tasks involving domain names and URLs, covering phishing, malware, DGA, and DNS tunneling. The evaluation results show that the proposed encoder outperforms state-of-the-art character-based deep learning models and cybersecurity-focused BERT models across multiple classification tasks and datasets, achieving accuracies of 99.11%, 98.80%, 98.98%, 98.51%, 100%, and 99.80% for binary classification on the UMUDGA, UTL_DGA, DNS Tunneling, Grambedding, LNU_Phish, and PhiUSIIL datasets, respectively. The pre-training dataset, DomURLs_BERT encoder, and source code for experiments are publicly available at https://github.com/AbdelkaderMH/DomURLs_BERT.