Publication
IBM J. Res. Dev
Paper

Firstfilter: A cost-sensitive approach to malicious URL detection in large-scale enterprise networks

Abstract

We present Firstfilter, a new cost-sensitive classifier that detects malicious Uniform Resource Locators (URLs) in large-scale enterprise networks. Firstfilter classifies an input URL as benign, unknown, or malicious, and utilizes a cost matrix to select the most relevant features and to control model misclassifications. The cost matrix provides an effective tool to fine-tune key performance metrics of the cost-sensitive classifier. We evaluate Firstfilter extensively with large-scale network datasets collected from an enterprise network for three months, spanning from June 2015 to August 2015. Our evaluation results show that Firstfilter consistently outperforms cost-insensitive classifiers and other binary classifiers.

Date

01 Jul 2016
