Ensemble Based Detection of Phishing URLs Using Hybrid, Deep Learning and Machine Learning Models

Abstract

Phishing attacks pose a serious cybersecurity threat, requiring advanced detection mechanisms. This study proposes an ensemble-based phishing Uniform Resource Locator(URL) detection framework integrating both machine learning and deep learning models. The first phase employs Adaboost, Naïve Bayes(NB), Random Forest(RF), Logistic Regression(LR), Support Vector Machine(SVM), Artificial Neural Network(ANN), Convolutional Neural Network(CNN), Recurrent Neural Network(RNN), Long Short TermMemory(LSTM) and Stacked Gated Recurrent Unit(Stacked GRU), combined using voting ensemble. The second phase includes detection with hybrid deep learning models, including Neural Network -Long Short Term Memory(NN_LSTM), StackedGated Recurrent Unit-Convolutional Neural Network-Long Short Term Memory(StackedGRU_CNN_LSTM), Deep Belief Network -StackedGated Recurrent Unit-Transformer(DBN_StackedGRU_Transformer), Autoencoder+Convolutional Neural Network-Long Short Term Memory+Bi-Gated Recurrent Unit(AutoencoderCNNLSTMBiGRU), and Multi LayerPerceptron-Bi-Long Short Term Memory-Convolutional Neural Network-Gated Recurrent Unit(MLP_BiLSTM_CNN_GRU), utilizing stacking and a host of other ensemble methods like Voting,Weighted Averaging, Confidence-Based Stacking, Gated Mixture of Experts, Neural Greedy Selector, Stacked with Featuresfor improved classification. Performance evaluation using accuracy, precision, recall, and F1-score shows that ensemble learning significantly enhances phishing detection accuracy, making it a robust cybersecurity solution.

Introduction

Phishing is a cyberattack method where criminals impersonate trusted entities to steal sensitive information like login credentials and financial data. In 2023, phishing attacks surged with nearly 5 million incidents and billions of phishing messages daily. Various phishing types include email phishing, spear phishing (targeted), smishing (SMS), vishing (voice), whaling (high-profile targets), and pharming (fake websites). Attackers often use deceptive URLs to mimic legitimate sites.

Phishing causes financial loss, data breaches, and reputational damage. Machine learning (ML) and deep learning (DL) techniques have become crucial in detecting phishing by analyzing URL patterns and website features. Rule-based, whitelist-based, ML-based, DL-based, visual similarity, and hybrid approaches are widely researched for phishing detection. Hybrid models combining ML and DL show improved accuracy by leveraging diverse phishing characteristics but may be computationally intensive.

This paper proposes a multi-level ensemble-based phishing URL detection system that integrates traditional ML models and advanced hybrid DL architectures. It uses a large dataset of 88,647 URLs with 112 features describing URL characteristics. The methodology involves preprocessing, feature engineering, training three categories of models (traditional ML, DL, and hybrid DL), and applying ensemble techniques such as soft voting, stacking, and gated mixture of experts to improve detection.

Experimental results show that hybrid deep learning models combined with ensemble methods outperform individual models, achieving high accuracy, precision, recall, and F1 scores. Advanced ensemble methods like stacking and neural fusion consistently provide the best performance, demonstrating the effectiveness of ensemble learning for real-world phishing URL detection.

Conclusion

This study highlights the superior effectiveness of ensemble-based learning in phishing URL detection by integrating both classical machine learning models and advanced hybrid deep learning architectures. Among the individual models evaluated, Random Forest from Phase-1 and NN_LSTM from Phase-2 delivered the most competitive standalone performances, with high accuracy and ROC AUC scores. However, all ensemble strategies consistently outperformed individual models across all evaluation metrics.The best-performing model across both phases was the Stacking Classifier applied to hybrid deep learning models, achieving the highest accuracy (96.38%), precision (93.88%), recall (95.77%), F1-score (94.82%), and ROC AUC (0.9925). This clearly demonstrates that the strategic fusion of diverse neural architectures through advanced ensembling techniques leads to significantly improved generalization and robustness. Furthermore, methods such as Weighted Average, Gated Mixture of Experts, and Neural Greedy Selector closely followed the top performer, reinforcing the conclusion that ensemble frameworks—especially those integrating attention-aware and meta-learning components—provide a powerful, scalable, and dependable solution for phishing detection. These findings affirm that combining heterogeneous models in a thoughtfully constructed ensemble is essential for addressing the complexities of modern phishing attacks.

References

[1] O. Sahingoz, E. Buber, and E. Kugu, \"DEPHIDES: Deep Learning Based Phishing Detection System,\" IEEE Access, pp. 1–1, 2024. doi: 10.1109/ACCESS.2024.3352629. [2] Y. Zhou, Y. Zhang, J. Xiao, Y. Wang, and W. Lin, \"Visual Similarity Based Anti-phishing with the Combination of Local and Global Features,\" in 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, Beijing, China, 2014, pp. 189–196. doi: 10.1109/TrustCom.2014.28. [3] G. Varshney, M. Misra, and P. K. Atrey, \"Improving the accuracy of Search Engine based anti-phishing solutions using lightweight features,\" in 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST), Barcelona, Spain, 2016, pp. 365–370. doi: 10.1109/ICITST.2016.7856731. [4] W. Liu, X. Deng, G. Huang, and A. Y. Fu, \"An antiphishing strategy based on visual similarity assessment,\" IEEE Internet Computing, vol. 10, no. 2, pp. 58–65, Mar.–Apr. 2006. doi: 10.1109/MIC.2006.23. [5] E. Medvet, E. Kirda, and C. Kruegel, \"Visual-similarity-based phishing detection,\" in Proc. 4th Int. Conf. Security Privacy Commun. Netw. (SecureComm \'08), New York, NY, USA, 2008, pp. 1–6. doi: 10.1145/1460877.1460905. [6] M. SatheeshKumar, K. G. Srinivasagan, and G. UnniKrishnan, \"A lightweight and proactive rule-based incremental construction approach to detect phishing scam,\" Inf. Technol. Manag., vol. 23, no. 4, pp. 271–298, Dec. 2022. doi: 10.1007/s10799-021-00351-7. [7] M. Moghimi and A. Y. Varjani, \"New rule-based phishing detection method,\" Expert Syst. Appl., vol. 53, pp. 231–242, 2016. doi: 10.1016/j.eswa.2016.01.028. [8] N. A. Azeez, S. Misra, I. A. Margaret, L. Fernandez-Sanz, and S. M. Abdulhamid, \"Adopting automated whitelist approach for detecting phishing attacks,\" Comput. Secur., vol. 108, Sep. 2021. doi: 10.1016/j.cose.2021.102328. [9] R. S. Rao and A. R. Pais, \"Jail-Phish: An improved search engine based phishing detection system,\" Comput. Secur., vol. 83, pp. 246–267, Jun. 2019. doi: 10.1016/j.cose.2019.02.011. [10] Y. Huang, Q. Yang, J. Qin, and W. Wen, \"Phishing URL Detection via CNN and Attention-Based Hierarchical RNN,\" in 2019 18th IEEE Int. Conf. Trust, Security and Privacy in Comput. Commun. (TrustCom/BigDataSE), Rotorua, New Zealand, 2019, pp. 112–119. doi: 10.1109/TrustCom/BigDataSE.2019.00024. [11] O. K. Sahingoz, E. Buber, O. Demir, and B. Diri, \"Machine learning based phishing detection from URLs,\" Expert Syst. Appl., vol. 117, pp. 345–357, 2019. doi: 10.1016/j.eswa.2018.09.029. [12] S. Singh, M. P. Singh, and R. Pandey, \"Phishing Detection from URLs Using Deep Learning Approach,\" in 2020 5th Int. Conf. Comput., Commun. Security (ICCCS), Patna, India, 2020, pp. 1–4. doi: 10.1109/ICCCS49678.2020.9277459. [13] S. Asiri, Y. Xiao, S. Alzahrani, and T. Li, \"PhishingRTDS: A real-time detection system for phishing attacks using a Deep Learning model,\" Comput. Secur., vol. 141, 2024. doi: 10.1016/j.cose.2024.103843. [14] A. B. Majgave and N. L. Gavankar, \"Automatic phishing website detection and prevention model using transformer deep belief network,\" Comput. Secur., vol. 147, 2024. doi: 10.1016/j.cose.2024.104071. [15] Anti-Phishing Working Group, \"Phishing Attacks Trends Report-Q2 2022,\" Sep. 2022. Accessed: Oct. 15, 2022. [Online]. Available: https://apwg.org/trendsreports/ [16] Cloudflare, \"2023 Phishing Threats Report,\" Oct. 1, 2023. Accessed: [Online]. Available: https://www.cloudflare.com/lp/2023-phishing-report/ [17] M. Volkamer, K. Renaud, B. Reinheimer, and A. Kunz, \"User experiences of TORPEDO: Tooltip-powered phishing email detection,\" Comput. Secur., vol. 71, pp. 100–113, Nov. 2017. doi: 10.1016/j.cose.2017.02.004. [18] N. Q. Do, A. Selamat, O. Krejcar, E. Herrera-Viedma, and H. Fujita, \"Deep learning for phishing detection: Taxonomy, current challenges and future directions,\" IEEE Access, vol. 10, pp. 36429–36463, 2022. doi: 10.1109/ACCESS.2022.3151903. [19] T. Mahara, V. L. H. Josephine, R. Srinivasan, P. Prakash, A. D. Algarni, and O. P. Verma, \"Deep vs. shallow: A comparative study of machine learning and deep learning approaches for fake health news detection,\" IEEE Access, vol. 11, pp. 79330–79340, 2023. doi: 10.1109/ACCESS.2023.3298441. [20] G. Vrban?i?, \"Phishing Websites Dataset,\" Mendeley Data, V1, 2020. doi: 10.17632/72ptz43s9v.1. [21] N. Abdelhamid, A. Ayesh, and F. Thabtah, \"Phishing detection based associative classification data mining,\" Expert Syst. Appl., vol. 41, no. 13, pp. 5948–5959, Oct. 2014. doi: 10.1016/j.eswa.2014.03.019

Copyright

Copyright © 2025 M. Robin Raj Paul, Dr. K. Santhi Sree. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.