A Large-Scale Pretrained Model for Malicious URL Detection
摘要
In recent years, malicious URLs have become significant conduits for conducting cyber attacks, phishing, and fraudulent activities. As attack methods evolve, malicious URLs exhibit new characteristics to circumvent existing detection mechanisms. This paper collected approximately 1.5 million malicious URLs released by mainstream security websites in recent years and conducted a statistical analysis on their features. In response to the inherent characteristics of URLs composed of characters lacking clear semantic meaning and distinct delimiters, we introduce tokenizing methods better suited for URL corpora and propose a pre-training task tailored to these characteristics. Addressing the emerging feature of similarity among malicious URLs generated in bulk, we propose an additional pre-training task aimed at capturing the mutual relationships among malicious URLs. Building on this, we propose URLs-BERT, a BERT-based pre-trained language model for detecting malicious URLs. Experimental results demonstrate that the model achieves a 99.80% accuracy rate on binary classification tasks of malicious URLs and a 99.83% accuracy rate on multi-classification tasks. Furthermore, the model’s generalization performance has been validated on website category classification tasks, surpassing existing baseline methods. Its lightweight fine-tuning allows for rapid deployment in novel malicious URL detection scenarios.