基于主成分分析和随机森林的恶意网站评估与识别<sup>*</sup>

doi:10.11925/infotech.2096-3467.2017.1188

数据分析与知识发现

2018, Vol. 2

Issue (4): 71-80 https://doi.org/10.11925/infotech.2096-3467.2017.1188

研究论文

本期目录 | 过刊浏览 | 高级检索

基于主成分分析和随机森林的恶意网站评估与识别^*

陈远, 王超群, 胡忠义(

), 吴江

武汉大学信息管理学院武汉 430072
武汉大学电子商务研究与发展中心武汉 430072

Identifying Malicious Websites with PCA and Random Forest Methods

Chen Yuan, Wang Chaoqun, Hu Zhongyi(

), Wu Jiang

School of Information Management, Wuhan University, Wuhan 430072, China
The Center for Electronic Commerce Research and Development, Wuhan University, Wuhan 430072, China

摘要
图/表
参考文献
相关文章
Metrics

全文: PDF (1756 KB) HTML ( 2 )
输出: BibTeX | EndNote (RIS)

摘要

【目的】充分利用网站多源评测指标, 研究恶意网站的评估和识别问题。【方法】在广泛收集网站多源评测指标的基础上, 采用主成分分析法对恶意网站进行多维度评估, 并在此基础上利用随机森林分类算法构建恶意网站识别模型。【结果】所构建方法可以有效提取权威、引用、访问量、排名、链接5个评估维度; 同时, 基于主成分分析法和随机森林的恶意网站识别模型具有较高的准确率和识别效率。【局限】受数据获取的限制, 本研究样本大多属于国外网站, 所提取的维度可能与国内恶意网站有一定差异; 同时没有考虑恶意网站与正常网站的数量存在不均衡问题。【结论】所构建的基于主成分分析和随机森林的模型既可以提取具有较好解释性的网站评价维度, 又具有较高的识别准确率和效率, 对后续恶意网站的评估与识别研究具有借鉴意义。

	服务

	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	陈远
	王超群
	胡忠义
	吴江

关键词 ：恶意网站, 评估与识别, 主成分分析, 随机森林

Abstract：

[Objective] This study aims to assess and identify malicious websites with the help of multi-source evaluation metrics. [Methods] We used the principal component analysis (PCA) to conduct a multi-dimensional assessment of malicious websites based on multi-source metrics of websites. Then, we built a malicious site identification model using random forest based on the assessment. [Results] We found that the PCA could effectively extract five assessment dimensions: authority, references, website traffic, ranking, and links. Meanwhile, the identification model was accurate and efficient. [Limitations] Most of the samples in this study were foreign websites, which means the extracted dimensions may be different from those in China. Additionally, we did not study the ratio of malicious to normal websites. [Conclusions] The proposed model could effectively extract dimensions for website assessment and then identifies the malicious ones.

Key words： Malicious Websites Assessment and Identification Principal Component Analysis Random Forest

收稿日期: 2017-11-24 出版日期: 2018-05-11

ZTFLH:

G353

基金资助:*本文系国家自然科学基金面上项目“创新2.0超网络中知识流动和群集交互的协同研究”(项目编号: 71373194)和国家自然科学基金青年基金项目“基于集成学习的区间型电力负荷预测技术研究”(项目编号: 71601147)的研究成果之一

引用本文:

陈远, 王超群, 胡忠义, 吴江. 基于主成分分析和随机森林的恶意网站评估与识别^*[J]. 数据分析与知识发现, 2018, 2(4): 71-80.
Chen Yuan,Wang Chaoqun,Hu Zhongyi,Wu Jiang. Identifying Malicious Websites with PCA and Random Forest Methods. Data Analysis and Knowledge Discovery, 2018, 2(4): 71-80.

链接本文:

http://manu44.magtech.com.cn/Jwk_infotech_wk3/CN/10.11925/infotech.2096-3467.2017.1188 或 http://manu44.magtech.com.cn/Jwk_infotech_wk3/CN/Y2018/V2/I4/71

恶意网站评估与识别模型的整体框架

网站评测指标体系

特征值及其贡献率

平行分析法的结果

方差极大法旋转之后的主成分结果

各主成分因子的核密度

二分类的混合矩阵

恶意网站识别结果

各算法的F-measure均值

Nemenyi事后检验结果

时间消耗对比(单位: 秒)

[1]	Sheng S, Weidman B, Warner G, et al.An Empirical Analysis of Phishing Blacklists[C]//Proceedings of the 6th Conference on Email and Anti-Spam, California, USA. 2009: 112-118.
[2]	Zhang Y, Egelman S, Cranor L, et al.Phinding Phish: Evaluating Anti-phishing Tools[C]//Proceedings of the 14th Annual Network and Distributed System Security Symposium. 2007: 381-192.
[3]	黄华军, 钱亮, 王耀钧. 基于异常特征的钓鱼网站 URL 检测技术[J]. 信息网络安全, 2012 (1): 23-25.
[3]	(Huang Huajun, Qian Liang, Wang Yaojun.Detection of Phishing URL Based on Abnormal Feature[J]. Netinfo Security, 2012(1): 23-25.)
[4]	Chiew K L, Chang E H, Sze S N, et al.Utilisation of Website Logo for Phishing Detection[J]. Computers & Security, 2015, 54: 16-26. doi: 10.1016/j.cose.2015.07.006
[5]	Hu Z, Chiong R, Pranata I, et al.Identifying Malicious Web Domains Using Machine Learning Techniques with Online Credibility and Performance Data[C]//Proceedings of the 2016 IEEE Congress on Evolutionary Computation (CEC), Vancouver, Canada. 2016: 5186-5194.
[6]	马威. 网站恶意性评估系统设计与实现[D]. 北京: 北京交通大学, 2010.
[6]	(Ma Wei.The Design and Implementation of Website Malice Assessing System[D]. Beijing: Beijing Jiaotong University, 2010.)
[7]	Purkait S.Examining the Effectiveness of Phishing Filters Against DNS Based Phishing Attacks, Information & Computer Security[J]. Information & Computer Security, 2015, 23(3): 333-346. doi: 10.1108/ICS-02-2013-0009
[8]	曾传璜, 李思强, 张小红. 基于AdaCostBoost 算法的网络钓鱼检测[J]. 计算机系统应用, 2015, 24(9): 129-133.
[8]	(Zeng Chuanhuang, Li Siqiang, Zhang Xiaohong.Phishing Detection System Based on AdaCostBoost Algorithm[J]. Computer Systems & Applications, 2015, 24(9): 129-133.)
[9]	Abdelhamid N.Multi-label Rules for Phishing Classification[J]. Applied Computing and Informatics, 2015, 11(1): 29-46. doi: 10.1016/j.aci.2014.07.002
[10]	Abutair H Y A, Belghith A. Using Case-Based Reasoning for Phishing Detection[J]. Procedia Computer Science, 2017, 109: 281-288. doi: 10.1016/j.procs.2017.05.352
[11]	Moghimi M, Varjani A Y.New Rule-based Phishing Detection Method[J]. Expert Systems with Applications, 2016, 53: 231-242. doi: 10.1016/j.eswa.2016.01.028
[12]	Yang X, Yan L, Yang B, et al.Phishing Website Detection Using C4.5 Decision Tree[C]//Proceedings of the 2nd International Conference on Information Technology and Management Engineering, Beijing, China. 2017.
[13]	Tan C L, Kang L C, Wong K S, et al.PhishWHO: Phishing Webpage Detection via Identity Keywords Extraction and Target Domain Name Finder[J]. Decision Support Systems, 2016, 88: 18-27. doi: 10.1016/j.dss.2016.05.005
[14]	庄蔚蔚, 叶艳芳, 李涛, 等. 基于分类集成的钓鱼网站智能检测系统[J]. 系统工程理论实践, 2011, 31(10): 2008-2020.
[14]	(Zhuang Weiwei, Ye Yanfang, Li Tao, et al.Intelligent Phishing Website Detection Using Classification Ensemble[J]. Systems Engineering-Theory & Practice, 2011, 31(10): 2008-2020.)
[15]	魏玉良. 基于主动探测的仿冒网站检测系统设计与实现[D]. 哈尔滨: 哈尔滨工业大学, 2014.
[15]	(Wei Yuliang.Design and Implementation Phishing Detecting System Based on Active Detection[D]. Harbin: Harbin Institute of Technology, 2014.)
[16]	杨明星. 基于登录页面及Logo图标检测的反钓鱼方案[D]. 太原: 太原理工大学, 2015.
[16]	(Yang Mingxing.An Anti- phishing Scheme Based on Login Page Detection and Logo Identification[D]. Taiyuan: Taiyuan University of Technology, 2015.)
[17]	朱百禄. 基于Web社区的钓鱼网站检测研究[D]. 天津: 天津理工大学, 2013.
[17]	(Zhu Bailu.A Method of Phishing Detection Based on Web Community[D]. Tianjin: Tianjin University of Technology, 2013.)
[18]	Zhang W, Lu H, Xu B, et al.Web Phishing Detection Based on Page Spatial Layout Similarity[J]. Informatica, 2013, 37(3): 231-244.
[19]	Islam R, Abawajy J.A Multi-tier Phishing Detection and Filtering Approach[J]. Journal of Network and Computer Applications, 2013, 36(1): 324-335. doi: 10.1016/j.jnca.2012.05.009
[20]	林海明, 杜子芳. 主成分分析综合评价应该注意的问题[J]. 统计研究, 2013, 30(8): 25-31. doi: 10.3969/j.issn.1002-4565.2013.08.004
[20]	(Lin Haiming, Du Zifang.Some Problems in Comprehensive Evaluation in the Principal Component Analysis[J]. Statistical Research, 2013, 30(8): 25-31.) doi: 10.3969/j.issn.1002-4565.2013.08.004
[21]	Breiman L.Random Forests[J]. Machine Learning, 2001, 45(1): 5-32. doi: 10.1023/A:1010933404324
[22]	薛薇. SPSS统计分析方法及应用[M].第3版. 北京: 电子工业出版社, 2013.
[22]	(Xue Wei.SPSS Statistical Analysis Method and Application[M]. The 3rd Edition. Beijing: Publishing House of Electronics Industry, 2013.)
[23]	Demšar J.Statistical Comparisons of Classifiers over Multiple Data Sets[J]. Journal of Machine Learning Research, 2006, 7(1): 1-30.

[1]	刘伟江,魏海,运天鹤. 基于卷积神经网络的客户信用评估模型研究*[J]. 数据分析与知识发现, 2020, 4(6): 80-90.
[2]	余本功,曹雨蒙,陈杨楠,杨颖. 基于nLD-SVM-RF的短文本分类研究*[J]. 数据分析与知识发现, 2020, 4(1): 111-120.
[3]	齐惠颖,江雨荷. 基于多组学数据融合构建乳腺癌生存预测模型 ^*[J]. 数据分析与知识发现, 2019, 3(8): 88-93.
[4]	陈万成,戴浩然,金映含. 基于数据挖掘方法的HEDONIC房屋价格评估模型——以美国城市西雅图为例[J]. 数据分析与知识发现, 2019, 3(5): 19-26.
[5]	周成,魏红芹. 基于随机森林属性约简的众包竞赛参与者识别体系研究^*[J]. 数据分析与知识发现, 2018, 2(7): 46-54.
[6]	张李义, 李一然, 文璇. 新消费者重复购买意向预测研究^*[J]. 数据分析与知识发现, 2018, 2(11): 10-18.
[7]	吕伟民, 王小梅, 韩涛. 结合链路预测和ET机器学习的科研合作推荐方法研究^*[J]. 数据分析与知识发现, 2017, 1(4): 38-45.
[8]	原欣伟, 杨少华, 王超超, 杜占河. 基于用户特征抽取和随机森林分类的用户创新社区领先用户识别研究^*[J]. 数据分析与知识发现, 2017, 1(11): 62-74.
[9]	张李义, 张皎. 一种基于主成分分析和随机森林的刷客识别方法[J]. 现代图书情报技术, 2015, 31(10): 65-71.
[10]	俞仙子, 高英莲, 马春霞, 刘金星. 提取核心特征词的惩罚性矩阵分解方法——以共词分析为例[J]. 现代图书情报技术, 2014, 30(3): 88-95.

Viewed

Full text

Abstract

Cited

Shared

Discussed