一种车联网环境下的多阶段恶意网站快速检测方法

doi:10.19678/j.issn.1000-3428.00 70466

摘要/Abstract

摘要： 车载第三方服务访问恶意网站的数量迅速增加，已成为车联网安全的重大威胁。目前，车联网恶意网站检测面临三大瓶颈：传统工具处理大规模网站数据时存在较长的检测时延，恶意网站统一资源定位符（URL）混淆问题影响识别准确性，且恶意网站数据集的获取困难，这些因素均严重制约了检测的效率和准确性。针对这些问题，本文提出了一种基于逻辑回归的多阶段恶意网站快速检测方法。使用搜索引擎对合法网站进行初步过滤，减少计算资源的浪费。通过对恶意混淆技术的分析归纳，设计匹配规则，并提出了一种基于启发式规则的恶意网站过滤方法，实现混淆网站URL的有效过滤，克服了传统工具无法有效检测带有恶意混淆URL的问题。为进一步提升检测准确性，构建了全面和轻量的恶意网站检测特征集合，并使用逻辑回归分类方法对特征提取分析。实验结果表明，该方法在恶意网站检测的准确性和效率方面显著优于传统方法，在公开数据集上达到98.1%的准确率，检测时间减少了75%左右。

Abstract: The number of malicious websites accessed by in-vehicle third-party services has been rapidly increasing, posing a significant threat to the security of the Internet of Vehicles. Currently, there are three major challenges in IoV malicious website detection: traditional tools exhibit high detection latency when processing large-scale website data, the presence of obfuscated malicious URLs reduces detection accuracy, and the difficulty in obtaining malicious website datasets further hinders effective detection. These factors collectively limit both the efficiency and accuracy of the detection process. To address these issues, this paper proposes a multi-stage rapid malicious website detection method based on logistic regression. The method uses search engines for preliminary filtering of legitimate websites to reduce computational resource wastage. It designs matching rules through the analysis and summarization of malicious obfuscation techniques and introduces a heuristic rule-based malicious website filtering method to effectively filter obfuscated website URLs, overcoming the limitations of traditional tools in detecting URLs with malicious obfuscation. To further enhance detection accuracy, it constructs a comprehensive and lightweight set of malicious website detection features and employs logistic regression classification for feature extraction and analysis. Experimental results demonstrate that the MSHL method significantly outperforms traditional methods in terms of accuracy and efficiency in malicious website detection, achieving an accuracy of 98.1% on public datasets and reducing detection time by approximately 75%

毛煜阳, 徐崇钧, 杨华雨, 翟溪林, 张华. 一种车联网环境下的多阶段恶意网站快速检测方法[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.00 70466.

Mao Yuyang, Xu Chongjun, Yang Huayu, Zhai Xilin, Zhang Hua. A multi-stage fast malicious website detection method in the vehicular network environment[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.00 70466.

参考文献

[1] 孙德强, 张俊仪, 时瑞浩. 车载信息娱乐系统发展及趋势研究[J]. 汽车电器, 2024, (06): 39-41. SUN DQ, ZHANG JY, SHI RH. Research on the development and trends of in-vehicle infotainment systems. Automotive Electronics, 2024, (06): 39-41. (in Chinese)
[2] 刘大鹏. 智能网联汽车信息安全挑战与思考[J]. 中国信息安全, 2024, (02): 41-43. LIU DP. Challenges and thoughts on information security in intelligent connected vehicles. China Information Security, 2024, (02): 41-43. (in Chinese)
[3] 丁志海. 车联网网络安全风险态势及对策分析[J]. 时代汽车, 2023, (17): 194-196. DING ZH. Analysis of network security risk situation and countermeasures in the Internet of Vehicles. Times Automotive, 2023, (17): 194-196. (in Chinese)
[4] 国家计算机网络应急技术处理协调中心（CNCERT/CC）. 2020. 中国互联网网络安全报告[R]. 北京: 国家计算机网络应急技术处理协调中心, 2020.[5] 赵占永. 基于动静态结合的恶意 URL 分析研判技术[J]. 广播电视网络, 2022, 29(10): 71-74. ZHAO ZY. Malicious URL analysis and judgment technology based on dynamic-static combination. Broadcasting & Television Network, 2022, 29(10): 71-74. (in Chinese)
[6] 江恺, 曹越, 周欢, 等. 车联网边缘智能：概念、架构、问题、实施和展望[J]. 物联网学报, 2023, 7(01): 37-48. JIANG K, CAO Y, ZHOU H, et al. Edge intelligence in the Internet of Vehicles: Concepts, architecture, problems, implementation, and prospects. Journal of Internet of Things, 2023, 7(01): 37-48. (in Chinese)
[7] Aljabri M, Alhaidari F, Mohammad R M A, et al. An assessment of lexical, network, and content-based features for detecting malicious urls using machine learning and deep learning models[J]. Computational Intelligence and Neuroscience, 2022, 2022.
[8] Mehndiratta M, Jain N, Malhotra A, et al. Malicious URL: Analysis and Detection using Machine Learning[C]//2023 10th International Conference on Computing for Sustainable Global Development (INDIACom). IEEE, 2023: 1461-1465.
[9] Verma R, Das A. What's in a URL: Fast Feature Extraction and Malicious URL Detection[C]//2017 3rd ACM International Workshop on Security and Privacy Analytics (IWSPA). ACM, 2017: 55-63.
[10] Sahoo D, Liu C, Hoi SC. Malicious URL detection using machine learning: A survey[C]//arXiv preprint arXiv:1701.07179. 2017.
[11] Khalife J, Nassar F T H M, Al Marri M H M K H. New Heuristics Method for Malicious URLs Detection Using Machine Learning[C]//2023 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, 2023: 1-6.
[12] Chiramdasu R, Srivastava G, Bhattacharya S, et al. Malicious url detection using logistic regression[C]//2021 IEEE International Conference on Omni-Layer Intelligent Systems (COINS). IEEE, 2021: 1-6.
[13] 薛鹏飞, 沈毅, 胡淼, 等. 基于规则的域名 WHOIS 信息抽取技术研究[J]. 信息对抗技术, 2023, 2(01): 66-77. XUE PF, SHEN Y, HU M, et al. Research on rule-based domain name WHOIS information extraction technology. Information Countermeasure Technology, 2023, 2(01): 66-77. (in Chinese)
[14] Google. Google Safe Browsing[EB/OL]. (2006-01-01)[2023-11-10].
https://developers.g-oogle.cn/safe-browsingl/2020-10-15. [15] Azeez N A, Misra S, Margaret I A, et al. Adopting automated whitelist approach for detecting phishing attacks[J]. Computers & Security, 2021, 108: 102328.
[16] Prakash P, Kumar M, Kompella R R, et al. Phishnet: predictive blacklisting to detect phishing attacks[C]//2010 Proceedings IEEE INFOCOM. IEEE, 2010: 1-5.
[17] Akiyama M, Yagi T, Itoh M. Searching structural neighborhood of malicious urls to improve blacklisting[C]//2011 IEEE/IPSJ International Symposium on Applications and the Internet. IEEE, 2011: 1-10.
[18] Rao R S, Pais A R, Anand P. A heuristic technique to detect phishing websites using TWSVM classifier[J]. Neural Computing and Applications, 2021, 33: 5733-5752.
[19] Moghimi M, Varjani A Y. New rule-based phishing detection method[J]. Expert systems with applications, 2016, 53: 231-242.
[20] Zhang Y, Hong J I, Cranor L F. Cantina: a content-based approach to detecting phishing web sites[C]//Proceedings of the 16th international conference on World Wide Web. 2007: 639-648.
[21] da Silva C M R, Feitosa E L, Garcia V C. Heuristic-based strategy for Phishing prediction: A survey of URL-based approach[J]. Computers & Security, 2020, 88: 101613.
[22] Kumari K, Jaison F. Detection of URL Based Phishing Websites Using Machine Learning in Django Framework[J]. Int J Res Appl Sci Eng Technol, 2022, 10(3).
[23] Vinyals O, Blundell C, Lillicrap T, et al. Matching networks for one shot learning[J]. Advances in neural information processing systems, 2016, 29.
[24] Naru P, Chinthala S K R, Sekhar P G, et al. Detection of Fake Websites using Machine Learning Techniques[C]//2023 3rd International Conference on Smart Data Intelligence (ICSMDI). IEEE, 2023: 477-482.
[25] Zhang Y, Fu X, Yang R, et al. DRSDetector: Detecting Gambling Websites by Multi-level Feature Fusion[C]//2023 IEEE Symposium on Computers and Communications(ISCC). IEEE, 2023: 1441-1447.
[26] Yan X, Xu Y, Cui B, et al. Learning URL embedding for malicious website detection[J]. IEEE Transactions on Industrial Informatics, 2020, 16(10): 6673-6681.
[27] Alani M M, Tawfik H. Phishnot: A cloud-based machine-learning approach to phishing url detection[J]. Computer Networks, 2022, 218: 109407.

选择文件类型/文献管理软件名称

选择包含的内容