Learning to Detect Malcious URLs

Justin Ma, University of California, Berkeley

We explore online learning approaches for detecting malicious Web sites (those involved in criminal scams) using lexical and host-based features of the associated URLs. We show that this application is particularly appropriate for online algorithms as the size of the training data is larger than can be efficiently processed in batch and because the distribution of features that typify malicious URLs is changing continuously. Using a real-time system we developed for gathering URL features, combined with a real-time source of labeled URLs from a large Web mail provider, we demonstrate that recently-developed online algorithms can be as accurate as batch techniques, achieving daily classification accuracies up to 99% over a balanced data set.

Speaker Biography

Justin Ma is a postdoc at the UC Berkeley AMPLab. Previously he was a PhD student at UC San Diego advised by Stefan Savage, Geoff Voelker, and Lawrence Saul. His primary research is in systems security. His interests include applications of machine learning to systems problems, systems for large-scale machine learning, and the impact of energy availability on computing.