The widespread use of the Internet has revolutionized information retrieval methods. However, this transformation has also given rise to a significant cybersecurity challenge: the rapid proliferation of malicious URLs, which serve as entry points for a wide range of cyber threats. In this study, we present an efficient framework for malicious URL detection based on a pre-trained model. Building on CharBERT, a subword- and character-aware pre-trained model, we develop three key modules: hierarchical feature extraction, layer-aware attention, and spatial pyramid pooling. The hierarchical feature extraction module follows the pyramid feature learning principle, extracting multi-level URL embeddings from the different Transformer layers of CharBERT. The layer-aware attention module then autonomously learns the connections among features at the various hierarchical levels and assigns a different weight coefficient to each level. Finally, the spatial pyramid pooling module performs multiscale downsampling on the weighted multi-level feature pyramid, capturing local features while aggregating global features. The proposed method has been extensively validated on multiple public datasets, demonstrating a significant improvement over prior works, with the maximum accuracy gap reaching 8.43% compared to the previous state-of-the-art method. Additionally, we have assessed the model's generalization and robustness in scenarios such as cross-dataset evaluation and adversarial attacks. Finally, we conducted real-world case studies on active phishing URLs.
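The data flow through the three modules can be sketched in plain Python. This is an added illustration, not the authors' implementation: `toy_layers` is a constructed stand-in for CharBERT hidden states, and the scoring rule, max pooling and pyramid levels (1, 2, 4) are assumptions chosen to show how URLs of different lengths end up as fixed-length vectors.

```python
import math

def toy_layers(url, n_layers=3, dim=2):
    """Constructed stand-in for per-layer hidden states (hypothetical, not CharBERT)."""
    return [[[((ord(c) * (l + 1) + d * 7) % 17) / 17.0 for d in range(dim)]
             for c in url] for l in range(n_layers)]

def layer_attention(layers, score_w):
    """One softmax weight per layer; score_w stands in for learned parameters."""
    means = [sum(map(sum, layer)) / (len(layer) * len(layer[0])) for layer in layers]
    scores = [w * m for w, m in zip(score_w, means)]
    top = max(scores)
    exps = [math.exp(s - top) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

def pyramid_pool(feature_map, levels=(1, 2, 4)):
    """Max-pool a T x D map over the token axis into n bins for each level n."""
    T, D = len(feature_map), len(feature_map[0])
    out = []
    for n in levels:
        for i in range(n):
            start = i * T // n                   # floor(i * T / n)
            end = ((i + 1) * T + n - 1) // n     # ceil((i + 1) * T / n)
            for d in range(D):
                out.append(max(feature_map[t][d] for t in range(start, end)))
    return out

def url_vector(layers, score_w, levels=(1, 2, 4)):
    """Weight each layer's features, pool each weighted map, concatenate."""
    weights = layer_attention(layers, score_w)
    vec = []
    for w, layer in zip(weights, layers):
        weighted = [[w * x for x in row] for row in layer]
        vec.extend(pyramid_pool(weighted, levels))
    return weights, vec

if __name__ == "__main__":
    # Constructed sample URLs of different lengths.
    for url in ("http://example.com/login",
                "http://example.com/account/verify?id=1"):
        weights, vec = url_vector(toy_layers(url), score_w=[1.0, 1.0, 1.0])
        print(len(url), [round(w, 3) for w in weights], len(vec))
```

Each URL yields a vector of 3 layers x 2 channels x (1 + 2 + 4) bins = 42 values regardless of its length, which is what lets a fixed-size classifier head sit on top of variable-length input.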