Classifying Malicious URLs Using Gated Recurrent Neural Networks

  • Jingling Zhao
  • Nan WangEmail author
  • Qian Ma
  • Zishuai Cheng
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 773)


The past decade has witnessed a rapidly developing Internet, which consequently brings about devastating web attacks of various types. The popularity of automated web attack tools also pushes the need for better methods to proactively detect the huge amounts of evolutionary web attacks. In this work, large quantities of URLs were used for detecting web attacks using machine learning models. Based on the dataset and feature selection methods of [1], multi-classification of six types of URLs was explored using the random forest method, which was later compared against the gated recurrent neural networks. Even without the need of manual feature creation, the gated recurrent neural networks consistently outperformed the random forest method with well-selected features. Therefore, we determine it is an efficient and adaptive proactive detection system, which is more advanced in the ever-changing cyberspace environment.



This work was supported by National Natural Science Foundation of China (No. U1536122).


  1. 1.
    Cui, B., et al.: Malicious URL detection with feature extraction based on machine learningGoogle Scholar
  2. 2.
    Cleary, G., Corpin, M., et al.: Symantec internet security threat report 2017. Symantec Corp., Mountain View, CA, USA, Technical report (2018)Google Scholar
  3. 3.
    Yang, J., et al.: Multi-classification for malicious URL based on improved semi-supervised algorithm. In: 2017 IEEE International Conference on Computational Science and Engineering (CSE) and Embedded and Ubiquitous Computing (EUC), vol. 1. IEEE (2017)Google Scholar
  4. 4.
    Zhang, J., Porras, P.A., Ullrich, J.: Highly predictive blacklisting. In: USENIX Security Symposium (2008)Google Scholar
  5. 5.
    Prakash, P., et al.: PhishNet: predictive blacklisting to detect phishing attacks. In: INFOCOM, 2010 Proceedings IEEE. IEEE (2010)Google Scholar
  6. 6.
    Hegarty, R., Haggerty, J.: Extrusion detection of illegal files in cloud-based systems. Int. J. Space Based Situated Comput. 5(3), 150–158 (2015)CrossRefGoogle Scholar
  7. 7.
    Garera, S., et al.: A framework for detection and measurement of phishing attacks. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode. ACM (2007)Google Scholar
  8. 8.
    Bahnsen, A.C., et al.: Classifying phishing URLs using recurrent neural networks. In: 2017 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2017)Google Scholar
  9. 9.
    Wu, Q., et al.: ForesTexter: an efficient random forest algorithm for imbalanced text categorization. Knowl. Based Syst. 67, 105–116 (2014)CrossRefGoogle Scholar
  10. 10.
    Dietterich, T.G.: Machine learning for sequential data: a review. In: Joint IAPR International Workshops on Statistical Techniques in Pattern Recognition (SPR) and Structural and Syntactic Pattern Recognition (SSPR). Springer, Heidelberg (2002)Google Scholar
  11. 11.
    Schmidhuber, J.: Deep learning in neural networks: an overview. Neural Netw. 61, 85–117 (2015)CrossRefGoogle Scholar
  12. 12.
    Gers, F.A., Schmidhuber, J., Cummins, F.: Learning to forget: continual prediction with LSTM. Neural Comput. 12, 850–855 (1999)Google Scholar
  13. 13.
    Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)CrossRefGoogle Scholar
  14. 14.
    Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)MathSciNetzbMATHGoogle Scholar
  15. 15.
    Zhao, R., et al.: Machine health monitoring using local feature-based gated recurrent unit networks. IEEE Trans. Ind. Electron. 65(2), 1539–1548 (2018)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  • Jingling Zhao
    • 1
    • 3
  • Nan Wang
    • 1
    • 3
    Email author
  • Qian Ma
    • 2
    • 3
  • Zishuai Cheng
    • 1
    • 3
  1. 1.School of Computer ScienceBeijing University of Posts and TelecommunicationsBeijingChina
  2. 2.School of Cyberspace SecurityBeijing University of Posts and TelecommunicationsBeijingChina
  3. 3.National Engineering Laboratory for Mobile Network SecurityBeijingChina

Personalised recommendations