Identifying suspicious URLs: an application of large-scale online learning
Proceedings of the 26th annual international conference on machine learning, 2009•dl.acm.org
This paper explores online learning approaches for detecting malicious Web sites (those
involved in criminal scams) using lexical and host-based features of the associated URLs.
We show that this application is particularly appropriate for online algorithms as the size of
the training data is larger than can be efficiently processed in batch and because the
distribution of features that typify malicious URLs is changing continuously. Using a real-time
system we developed for gathering URL features, combined with a real-time source of …
involved in criminal scams) using lexical and host-based features of the associated URLs.
We show that this application is particularly appropriate for online algorithms as the size of
the training data is larger than can be efficiently processed in batch and because the
distribution of features that typify malicious URLs is changing continuously. Using a real-time
system we developed for gathering URL features, combined with a real-time source of …
This paper explores online learning approaches for detecting malicious Web sites (those involved in criminal scams) using lexical and host-based features of the associated URLs. We show that this application is particularly appropriate for online algorithms as the size of the training data is larger than can be efficiently processed in batch and because the distribution of features that typify malicious URLs is changing continuously. Using a real-time system we developed for gathering URL features, combined with a real-time source of labeled URLs from a large Web mail provider, we demonstrate that recently-developed online algorithms can be as accurate as batch techniques, achieving classification accuracies up to 99% over a balanced data set.