Cover Image

Cyber threat intelligence-based malicious URL detection model using ensemble learning

Web applications have become ubiquitous for many business sectors due to their platform independence and low operation cost. Billions of users are visiting these applications to accomplish their daily tasks. However, many of these applications are either vulnerable to web defacement attacks or creat...

Full description

Saved in:
Bibliographic Details
Main Authors: Mohammed Alsaedi, Mohammed Alsaedi, Abdoh Ghaleb, Fuad Abdulgaleel, Saeed, Faisal, Ahmad, Jawad, Mohammed Alasli, Mohammed Alasli
Format: Article
Language:English
Published: MDPI 2022
Subjects:
QA75 Electronic computers. Computer science
Online Access:http://eprints.utm.my/104018/1/FuadAbdulgaleelAbdoh2022_CyberThreatIntelligenceBasedMalicious.pdf
http://eprints.utm.my/104018/
http://dx.doi.org/10.3390/s22093373
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.utm.104018
record_format eprints
spelling my.utm.1040182024-01-14T00:41:08Z http://eprints.utm.my/104018/ Cyber threat intelligence-based malicious URL detection model using ensemble learning Mohammed Alsaedi, Mohammed Alsaedi Abdoh Ghaleb, Fuad Abdulgaleel Saeed, Faisal Ahmad, Jawad Mohammed Alasli, Mohammed Alasli QA75 Electronic computers. Computer science Web applications have become ubiquitous for many business sectors due to their platform independence and low operation cost. Billions of users are visiting these applications to accomplish their daily tasks. However, many of these applications are either vulnerable to web defacement attacks or created and managed by hackers such as fraudulent and phishing websites. Detecting malicious websites is essential to prevent the spreading of malware and protect end-users from being victims. However, most existing solutions rely on extracting features from the website’s content which can be harmful to the detection machines themselves and subject to obfuscations. Detecting malicious Uniform Resource Locators (URLs) is safer and more efficient than content analysis. However, the detection of malicious URLs is still not well addressed due to insufficient features and inaccurate classification. This study aims at improving the detection accuracy of malicious URL detection by designing and developing a cyber threat intelligence-based malicious URL detection model using two-stage ensemble learning. The cyber threat intelligence-based features are extracted from web searches to improve detection accuracy. Cybersecurity analysts and users reports around the globe can provide important information regarding malicious websites. Therefore, cyber threat intelligence-based (CTI) features extracted from Google searches and Whois websites are used to improve detection performance. The study also proposed a two-stage ensemble learning model that combines the random forest (RF) algorithm for preclassification with multilayer perceptron (MLP) for final decision making. The trained MLP classifier has replaced the majority voting scheme of the three trained random forest classifiers for decision making. The probabilistic output of the weak classifiers of the random forest was aggregated and used as input for the MLP classifier for adequate classification. Results show that the extracted CTI-based features with the two-stage classification outperform other studies’ detection models. The proposed CTI-based detection model achieved a 7.8% accuracy improvement and 6.7% reduction in false-positive rates compared with the traditional URL-based model. MDPI 2022-05-01 Article PeerReviewed application/pdf en http://eprints.utm.my/104018/1/FuadAbdulgaleelAbdoh2022_CyberThreatIntelligenceBasedMalicious.pdf Mohammed Alsaedi, Mohammed Alsaedi and Abdoh Ghaleb, Fuad Abdulgaleel and Saeed, Faisal and Ahmad, Jawad and Mohammed Alasli, Mohammed Alasli (2022) Cyber threat intelligence-based malicious URL detection model using ensemble learning. Sensors, 22 (9). pp. 1-19. ISSN 1424-8220 http://dx.doi.org/10.3390/s22093373 DOI:10.3390/s22093373
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic QA75 Electronic computers. Computer science
spellingShingle QA75 Electronic computers. Computer science
Mohammed Alsaedi, Mohammed Alsaedi
Abdoh Ghaleb, Fuad Abdulgaleel
Saeed, Faisal
Ahmad, Jawad
Mohammed Alasli, Mohammed Alasli
Cyber threat intelligence-based malicious URL detection model using ensemble learning
description Web applications have become ubiquitous for many business sectors due to their platform independence and low operation cost. Billions of users are visiting these applications to accomplish their daily tasks. However, many of these applications are either vulnerable to web defacement attacks or created and managed by hackers such as fraudulent and phishing websites. Detecting malicious websites is essential to prevent the spreading of malware and protect end-users from being victims. However, most existing solutions rely on extracting features from the website’s content which can be harmful to the detection machines themselves and subject to obfuscations. Detecting malicious Uniform Resource Locators (URLs) is safer and more efficient than content analysis. However, the detection of malicious URLs is still not well addressed due to insufficient features and inaccurate classification. This study aims at improving the detection accuracy of malicious URL detection by designing and developing a cyber threat intelligence-based malicious URL detection model using two-stage ensemble learning. The cyber threat intelligence-based features are extracted from web searches to improve detection accuracy. Cybersecurity analysts and users reports around the globe can provide important information regarding malicious websites. Therefore, cyber threat intelligence-based (CTI) features extracted from Google searches and Whois websites are used to improve detection performance. The study also proposed a two-stage ensemble learning model that combines the random forest (RF) algorithm for preclassification with multilayer perceptron (MLP) for final decision making. The trained MLP classifier has replaced the majority voting scheme of the three trained random forest classifiers for decision making. The probabilistic output of the weak classifiers of the random forest was aggregated and used as input for the MLP classifier for adequate classification. Results show that the extracted CTI-based features with the two-stage classification outperform other studies’ detection models. The proposed CTI-based detection model achieved a 7.8% accuracy improvement and 6.7% reduction in false-positive rates compared with the traditional URL-based model.
format Article
author Mohammed Alsaedi, Mohammed Alsaedi
Abdoh Ghaleb, Fuad Abdulgaleel
Saeed, Faisal
Ahmad, Jawad
Mohammed Alasli, Mohammed Alasli
author_facet Mohammed Alsaedi, Mohammed Alsaedi
Abdoh Ghaleb, Fuad Abdulgaleel
Saeed, Faisal
Ahmad, Jawad
Mohammed Alasli, Mohammed Alasli
author_sort Mohammed Alsaedi, Mohammed Alsaedi
title Cyber threat intelligence-based malicious URL detection model using ensemble learning
title_short Cyber threat intelligence-based malicious URL detection model using ensemble learning
title_full Cyber threat intelligence-based malicious URL detection model using ensemble learning
title_fullStr Cyber threat intelligence-based malicious URL detection model using ensemble learning
title_full_unstemmed Cyber threat intelligence-based malicious URL detection model using ensemble learning
title_sort cyber threat intelligence-based malicious url detection model using ensemble learning
publisher MDPI
publishDate 2022
url http://eprints.utm.my/104018/1/FuadAbdulgaleelAbdoh2022_CyberThreatIntelligenceBasedMalicious.pdf
http://eprints.utm.my/104018/
http://dx.doi.org/10.3390/s22093373
_version_ 1789424366474231808
score 13.18916

Similar Items