Classification of URL bitstreams using bag of bytes

• Published in: 2018 21st Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN) pp. 1 - 5
• Main Authors: Shima, Keiichi, Miyamoto, Daisuke, Abe, Hiroshi, Ishihara, Tomohiro, Okada, Kazuya, Sekiya, Yuji, Asai, Hirochika, Dois, Yusuke
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.02.2018
• ISSN: 2472-8144
• DOI: 10.1109/ICIN.2018.8401597

Protecting users from accessing malicious web sites is one of the important management tasks for network operators. There are many open-source and commercial products to control web sites users can access. The most traditional approach is blacklist-based filtering. This mechanism is simple but not scalable, though there are some enhanced approaches utilizing fuzzy matching technologies. Other approaches try to use machine learning (ML) techniques by extracting features from URL strings. This approach can cover a wider area of Internet web sites, but finding good features requires deep knowledge of trends of web site design. Recently, another approach using deep learning (DL) has appeared. The DL approach will help to extract features automatically by investigating a lot of existing sample data. Using this technique, we can build a flexible filtering decision module by keep teaching the neural network module about recent trends, without any specific expert knowledge of the URL domain. In this paper, we apply a mechanical approach to generate feature vectors from URL strings. We implemented our approach and tested with realistic URL access history data taken from a research organization and data from the famous archive site of phishing site information, PhishTank.com. Our approach achieved 2∼3% better accuracy compared to the existing DL- based approach.