Toward More Generalized Malicious URL Detection Models
YunDa Tsai, Cayon Liow, Yin Sheng Siang, Shou-De Lin
TL;DR
The paper shows that state-of-the-art malicious URL detectors suffer strong generalization gaps when faced with open-domain daily queries due to token-level data bias. It introduces Adversarial Debiasing Feature Embedding (ADE), which uses a Bias Predictor and gradient reversal to minimize the mutual information between biased token signals and the embedding, yielding invariant representations. ADE substantially improves out-of-domain and time-drift generalization for CNN and RNN backbones (e.g., URLNet, MalConv, LSTM) across URL/HTML/EXE tasks, with large AUC gains and strong statistical significance. This approach offers more robust, bias-resistant security ML models and highlights the need for bias-aware evaluation and interpretability in real-world malware detection systems.
Abstract
This paper reveals a data bias issue that can severely affect the performance while conducting a machine learning model for malicious URL detection. We describe how such bias can be identified using interpretable machine learning techniques, and further argue that such biases naturally exist in the real world security data for training a classification model. We then propose a debiased training strategy that can be applied to most deep-learning based models to alleviate the negative effects from the biased features. The solution is based on the technique of self-supervised adversarial training to train deep neural networks learning invariant embedding from biased data. We conduct a wide range of experiments to demonstrate that the proposed strategy can lead to significantly better generalization capability for both CNN-based and RNN-based detection models.
