Adversarial Attacks on Featureless Deep Learning Malicious URLs Detection

Bader Rasheed, Adil Khan, S. M.Ahsan Kazmi, Rasheed Hussain, Md Jalil Piran, Doug Young Suh*

*Corresponding author for this work

Research output: Contribution to journalArticle (Academic Journal)peer-review

10 Citations (Scopus)
94 Downloads (Pure)

Abstract

Detecting malicious Uniform Resource Locators (URLs) is crucially important to prevent attackers from committing cybercrimes. Recent researches have investigated the role of machine learning (ML) models to detect malicious URLs. By using ML algorithms, rst, the features of URLs are extracted, and then differentMLmodels are trained. The limitation of this approach is that it requires manual feature engineering and it does not consider the sequential patterns in the URL. Therefore, deep learning (DL) models are used to solve these issues since they are able to perform featureless detection. Furthermore, DL models give better accuracy and generalization to newly designed URLs; however, the results of our study show that these models, such as any otherDLmodels, can be susceptible to adversarial attacks. In this paper, we examine the robustness of these models and demonstrate the importance of considering this susceptibility before applying such detection systems in real-world solutions. We propose and demonstrate a black-box attack based on scoring functions with greedy search for the minimum number of perturbations leading to a misclassication. The attack is examined against different types of convolutional neural networks (CNN)-based URL classiers and it causes a tangible decrease in the accuracy with more than 56% reduction in the accuracy of the best classier (among the selected classiers for this work). Moreover, adversarial training shows promising results in reducing the in uence of the attack on the robustness of the model to less than 7% on average.

Original languageEnglish
Pages (from-to)921-939
Number of pages19
JournalComputers, Materials and Continua
Volume68
Issue number1
Early online date22 Mar 2021
DOIs
Publication statusPublished - 22 Mar 2021

Bibliographical note

Funding Information:
Funding Statement: This research was supported by Korea Electric Power Corporation (Grant Number: R18XA02).

Publisher Copyright:
© 2021 Tech Science Press. All rights reserved.

Keywords

  • adversarial attack
  • deep learning
  • detection
  • Malicious URLs
  • web security

Fingerprint

Dive into the research topics of 'Adversarial Attacks on Featureless Deep Learning Malicious URLs Detection'. Together they form a unique fingerprint.

Cite this