A Deep Learning Based Online Malicious URL and DNS Detection Scheme

  • Jianguo Jiang
  • Jiuming Chen
  • Kim-Kwang Raymond Choo
  • Chao Liu
  • Kunying Liu
  • Min Yu
  • Yongjian Wang
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 238)


URLs and DNS are two common attack vectors in malicious network activity; thus, detection of malicious URLs and DNS is crucial in network security. In this paper, we propose an online detection scheme based on character-level deep neural networks. Specifically, the scheme maps URL and DNS strings into vector form using natural language processing methods. A CNN (Convolutional Neural Network) framework is then designed to automatically extract the malicious features and train the classification model. Experimental results on real-world URL and DNS datasets show that the proposed method outperforms several state-of-the-art baseline methods in terms of efficiency and scalability.


Keywords: Network security, Malicious URL detection, Online detection, CNN



This work is supported by National Natural Science Foundation of China (No. 61173008, 61402124), Strategic Pilot Technology Chinese Academy of Sciences (No. XDA06010703) and Key Lab of Information Network Security, Ministry of Public Security (No. C17614).



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  • Jianguo Jiang (1)
  • Jiuming Chen (1, 2)
  • Kim-Kwang Raymond Choo (3)
  • Chao Liu (1)
  • Kunying Liu (1)
  • Min Yu (1, 2)
  • Yongjian Wang (4)

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
  3. Department of Information Systems and Cyber Security, University of Texas at San Antonio, San Antonio, USA
  4. Key Laboratory of Information Network Security of Ministry of Public Security, The Third Research Institute of Ministry of Public Security, Shanghai, China
