A Hybrid approach combining blocklists, machine learning and deep learning for detection of malicious URLs
Bronjon Gogoi, Tasiruddin Ahmed, Arabinda Dutta
Abstract
Malicious URLs are one of the most commonly used methods of distributing malware and ransomware, launching phishing attacks, sending spam, and defacement of websites. Attackers send malicious URLS via email, advertisement, or embed them in legitimate websites. Unsuspecting users click malicious URLs and become targets of attackers. Detecting malicious URLs and alerting the user can prevent some of the attacks and hence detection of malicious URLs is an important part of cyber security. In this paper, a hybrid approach, combining traditional, machine learning, and deep learning methods for detecting malicious URLs is proposed. The traditional approach is a signature or a blocklist based approach that can detect existing malicious URLs. The signature-based approach is augmented with a shallow and a deep learning based approach that can detect new malicious URLs for which no signatures exist. The machine learning and deep learning based approach is trained and tested on a large dataset consisting of 2.5 million malicious and benign URLs. The combined system of traditional blocklist, shallow learning and deep learning approach achieves a precision, recall and f1- score of greater than 0.97.