About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
IBM J. Res. Dev
Paper
Firstfilter: A cost-sensitive approach to malicious URL detection in large-scale enterprise networks
Abstract
We present Firstfilter, a new cost-sensitive classifier that detects malicious Uniform Resource Locations (URLs) in large-scale enterprise networks. Firstfilter classifies an input URL as benign, unknown, or malicious, and utilizes a cost matrix to select the most relevant features and to control model misclassifications. The cost matrix provides an effective tool to fine tune key performance metrics of the cost-sensitive classifier. We evaluate Firstfilter extensively with large-scale network datasets collected from an enterprise network for three months, spanning from June 2015 to August 2015. Our evaluation results show that Firstfilter consistently outperforms cost-insensitive classifiers and other binary classifiers.