Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection

Seok Jun Bu; Sung Bae Cho

doi:10.1109/ICASSP39728.2021.9414850

Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection

Seok Jun Bu, Sung Bae Cho

College of Computing

Research output: Contribution to journal › Conference article › peer-review

11 Citations (Scopus)

Abstract

Considering the fatality of phishing attacks that are emphasized by many organizations, the inductive learning approach using reported malicious URLs has been verified in the field of deep learning. However, the deep learning-based method mainly focused on the fitting of a classification task via historical URL observation shows a limitation of recall due to the characteristics of zero-day attack. In order to model the nature of a zero-day phishing attack in which URL addresses are generated and discarded immediately, an approach that utilizes the expert knowledge is promising. We introduce the integration method of deep learning and logic programmed domain knowledge to inject the real-world constraints. We design neural and logic classifiers and propose the joint learning method of each component based on the traditional neuro-symbolic integration. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest recall among the latest deep learning methods, despite the hostile class-imbalanced condition. We demonstrate that the optimized weighting between neural and logic component has an effect of improving the recall over 3% compared to the existing methods.

Original language	English
Pages (from-to)	2685-2689
Number of pages	5
Journal	ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
Volume	2021-June
DOIs	https://doi.org/10.1109/ICASSP39728.2021.9414850
Publication status	Published - 2021
Event	2021 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2021 - Virtual, Toronto, Canada Duration: 2021 Jun 6 → 2021 Jun 11

Bibliographical note

Funding Information:
This work was supported by an IITP grant funded by the Korean MSIT (No. 2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and a grant funded by Air Force Research Laboratory, USA.

Publisher Copyright:
© 2021 IEEE

All Science Journal Classification (ASJC) codes

Software
Signal Processing
Electrical and Electronic Engineering

Access to Document

10.1109/ICASSP39728.2021.9414850

Cite this

@article{b2bc022ccc494242b6016c1c7a9773d8,

title = "Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection",

abstract = "Considering the fatality of phishing attacks that are emphasized by many organizations, the inductive learning approach using reported malicious URLs has been verified in the field of deep learning. However, the deep learning-based method mainly focused on the fitting of a classification task via historical URL observation shows a limitation of recall due to the characteristics of zero-day attack. In order to model the nature of a zero-day phishing attack in which URL addresses are generated and discarded immediately, an approach that utilizes the expert knowledge is promising. We introduce the integration method of deep learning and logic programmed domain knowledge to inject the real-world constraints. We design neural and logic classifiers and propose the joint learning method of each component based on the traditional neuro-symbolic integration. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest recall among the latest deep learning methods, despite the hostile class-imbalanced condition. We demonstrate that the optimized weighting between neural and logic component has an effect of improving the recall over 3% compared to the existing methods.",

author = "Bu, {Seok Jun} and Cho, {Sung Bae}",

note = "Funding Information: This work was supported by an IITP grant funded by the Korean MSIT (No. 2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and a grant funded by Air Force Research Laboratory, USA. Publisher Copyright: {\textcopyright} 2021 IEEE; 2021 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2021 ; Conference date: 06-06-2021 Through 11-06-2021",

year = "2021",

doi = "10.1109/ICASSP39728.2021.9414850",

language = "English",

volume = "2021-June",

pages = "2685--2689",

journal = "Proceedings - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing",

issn = "0736-7791",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection

AU - Bu, Seok Jun

AU - Cho, Sung Bae

N1 - Funding Information: This work was supported by an IITP grant funded by the Korean MSIT (No. 2020-0-01361, Artificial Intelligence Graduate School Program (Yonsei University)) and a grant funded by Air Force Research Laboratory, USA. Publisher Copyright: © 2021 IEEE

PY - 2021

Y1 - 2021

N2 - Considering the fatality of phishing attacks that are emphasized by many organizations, the inductive learning approach using reported malicious URLs has been verified in the field of deep learning. However, the deep learning-based method mainly focused on the fitting of a classification task via historical URL observation shows a limitation of recall due to the characteristics of zero-day attack. In order to model the nature of a zero-day phishing attack in which URL addresses are generated and discarded immediately, an approach that utilizes the expert knowledge is promising. We introduce the integration method of deep learning and logic programmed domain knowledge to inject the real-world constraints. We design neural and logic classifiers and propose the joint learning method of each component based on the traditional neuro-symbolic integration. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest recall among the latest deep learning methods, despite the hostile class-imbalanced condition. We demonstrate that the optimized weighting between neural and logic component has an effect of improving the recall over 3% compared to the existing methods.

AB - Considering the fatality of phishing attacks that are emphasized by many organizations, the inductive learning approach using reported malicious URLs has been verified in the field of deep learning. However, the deep learning-based method mainly focused on the fitting of a classification task via historical URL observation shows a limitation of recall due to the characteristics of zero-day attack. In order to model the nature of a zero-day phishing attack in which URL addresses are generated and discarded immediately, an approach that utilizes the expert knowledge is promising. We introduce the integration method of deep learning and logic programmed domain knowledge to inject the real-world constraints. We design neural and logic classifiers and propose the joint learning method of each component based on the traditional neuro-symbolic integration. Extensive experiments on three real-world datasets consisting of 222,541 URLs showed the highest recall among the latest deep learning methods, despite the hostile class-imbalanced condition. We demonstrate that the optimized weighting between neural and logic component has an effect of improving the recall over 3% compared to the existing methods.

UR - http://www.scopus.com/inward/record.url?scp=85115053557&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85115053557&partnerID=8YFLogxK

U2 - 10.1109/ICASSP39728.2021.9414850

DO - 10.1109/ICASSP39728.2021.9414850

M3 - Conference article

AN - SCOPUS:85115053557

SN - 0736-7791

VL - 2021-June

SP - 2685

EP - 2689

JO - Proceedings - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing

JF - Proceedings - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing

T2 - 2021 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2021

Y2 - 6 June 2021 through 11 June 2021

ER -

Integrating deep learning with first-order logic programmed constraints for zero-day phishing attack detection

Abstract

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this