Affiliation:
1. School of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China
2. The Third Research Institute of the Ministry of Public Security, Shanghai 200031, China
3. Department of Information Management, The National Police University for Criminal Justice, Baoding 071000, China
Abstract
In recent years, the number of malicious web pages has increased dramatically, posing a great challenge to network security. While current machine learning-based detection methods have emerged as a promising alternative to traditional detection techniques. However, these methods are commonly based on single-modal features or simple stacking of classifiers built on various features. As a result, these techniques are not capable of effectively fusing features from different modalities, ultimately limiting the detection effectiveness. To address this limitation, we propose a malicious web page detection method based on multi-modal learning and pre-trained models. First, in the input stage, the raw URL and HTML tag sequences of web pages are used as input features. To help the subsequent model learn the relationship between the two modalities and avoid information confusion, modal-type encoding, and positional encoding are introduced. Next, a single-stream neural network based on the ConvBERT pre-trained model is used as the backbone classifier, and it learns the representation of multi-modal features through fine-tuning. For the output part of the model, a linear layer based on large margin softmax is applied to the decision-making. This activation function effectively increases the classification boundary and improves the robustness. In addition, a coarse-grained modal matching loss is added to the model optimization objective to assist the models in learning the cross-modal association features. Experimental results on synthetic datasets show that our proposed method outperforms traditional single-modal detection methods in general, and has advantages over baseline models in terms of accuracy and reliability.
Funder
National Social Science Foundation Key Project
National Key Research and Development Program of China
Subject
Fluid Flow and Transfer Processes,Computer Science Applications,Process Chemistry and Technology,General Engineering,Instrumentation,General Materials Science
Reference39 articles.
1. Tutorial and critical analysis of phishing websites methods;Mohammad;Comput. Sci. Rev.,2015
2. (2022, December 23). 2021 China Cybersecurity Report. Available online: http://it.rising.com.cn/dongtai/19858.html.
3. Prakash, P., Kumar, M., Kompella, R.R., and Gupta, M. (2010, January 14–19). Phishnet: Predictive Blacklisting to Detect Phishing Attacks. Proceedings of the 2010 IEEE INFOCOM, San Diego, CA, USA.
4. Chou, N. (2004, January 24–27). Client-side defense against web-based identity theft. Proceedings of the 11th Annual Network and Distributed System Security Symposium (NDSS’04), San Diego, CA, USA.
5. Set-up and deployment of a high-interaction honeypot: Experiment and lessons learned;Nicomette;J. Comput. Virol.,2010
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. A Review of Data-Driven Approaches for Malicious Website Detection;2023 7th Asian Conference on Artificial Intelligence Technology (ACAIT);2023-11-10