IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v14y2022i12p358-d987956.html
   My bibliography  Save this article

Detection of Malicious Websites Using Symbolic Classifier

Author

Listed:
  • Nikola Anđelić

    (Faculty of Engineering, University of Rijeka, 51000 Rijeka, Croatia
    These authors contributed equally to this work.)

  • Sandi Baressi Šegota

    (Faculty of Engineering, University of Rijeka, 51000 Rijeka, Croatia)

  • Ivan Lorencin

    (Faculty of Engineering, University of Rijeka, 51000 Rijeka, Croatia
    These authors contributed equally to this work.)

  • Matko Glučina

    (Faculty of Engineering, University of Rijeka, 51000 Rijeka, Croatia)

Abstract

Malicious websites are web locations that attempt to install malware, which is the general term for anything that will cause problems in computer operation, gather confidential information, or gain total control over the computer. In this paper, a novel approach is proposed which consists of the implementation of the genetic programming symbolic classifier (GPSC) algorithm on a publicly available dataset to obtain a simple symbolic expression (mathematical equation) which could detect malicious websites with high classification accuracy. Due to a large imbalance of classes in the initial dataset, several data sampling methods (random undersampling/oversampling, ADASYN, SMOTE, BorderlineSMOTE, and KmeansSMOTE) were used to balance the dataset classes. For this investigation, the hyperparameter search method was developed to find the combination of GPSC hyperparameters with which high classification accuracy could be achieved. The first investigation was conducted using GPSC with a random hyperparameter search method and each dataset variation was divided on a train and test dataset in a ratio of 70:30. To evaluate each symbolic expression, the performance of each symbolic expression was measured on the train and test dataset and the mean and standard deviation values of accuracy (ACC), A U C , precision, recall and f1-score were obtained. The second investigation was also conducted using GPSC with the random hyperparameter search method; however, 70%, i.e., the train dataset, was used to perform 5-fold cross-validation. If the mean accuracy, A U C , precision, recall, and f1-score values were above 0.97 then final training and testing (train/test 70:30) were performed with GPSC with the same randomly chosen hyperparameters used in a 5-fold cross-validation process and the final mean and standard deviation values of the aforementioned evaluation methods were obtained. In both investigations, the best symbolic expression was obtained in the case where the dataset balanced with the KMeansSMOTE method was used for training and testing. The best symbolic expression obtained using GPSC with the random hyperparameter search method and classic train–test procedure (70:30) on a dataset balanced with the KMeansSMOTE method achieved values of A C C ¯ , A U C ¯ , P r e c s i o n ¯ , R e c a l l ¯ and F 1 - s c o r e ¯ (with standard deviation) 0.9992 ± 2.249 × 10 − 5 , 0.9995 ± 9.945 × 10 − 6 , 0.9995 ± 1.09 × 10 − 5 , 0.999 ± 5.17 × 10 − 5 , 0.9992 ± 5.17 × 10 − 6 , respectively. The best symbolic expression obtained using GPSC with a random hyperparameter search method and 5-fold cross-validation on a dataset balanced with the KMeansSMOTE method achieved values of A C C ¯ , A U C ¯ , P r e c s i o n ¯ , R e c a l l ¯ and F 1 - s c o r e ¯ (with standard deviation) 0.9994 ± 1.13 × 10 − 5 , 0.9994 ± 1.2 × 10 − 5 , 1.0 ± 0 , 0.9988 ± 2.4 × 10 − 5 , and 0.9994 ± 1.2 × 10 − 5 , respectively.

Suggested Citation

  • Nikola Anđelić & Sandi Baressi Šegota & Ivan Lorencin & Matko Glučina, 2022. "Detection of Malicious Websites Using Symbolic Classifier," Future Internet, MDPI, vol. 14(12), pages 1-30, November.
  • Handle: RePEc:gam:jftint:v:14:y:2022:i:12:p:358-:d:987956
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/14/12/358/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/1999-5903/14/12/358/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Li Xu & Zhenxin Zhan & Shouhuai Xu & Keying Ye & Keesook Han & Frank Born, 2013. "Cross-Layer Detection of Malicious Websites," Working Papers 0150mss, College of Business, University of Texas at San Antonio.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Routhu Srinivasa Rao & Amey Umarekar & Alwyn Roshan Pais, 2022. "Application of word embedding and machine learning in detecting phishing websites," Telecommunication Systems: Modelling, Analysis, Design and Management, Springer, vol. 79(1), pages 33-45, January.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:14:y:2022:i:12:p:358-:d:987956. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.