A Hybrid MLSELM and Threat Intelligence Integration System for Real-Time Zero-Day Phishing Detection

Abstract

Phishing remains a significant cybersecurity issue with attackers exploiting social engineering to pressurize users into disclosing personally identifiable information. This paper provides a refined Chrome Extension which uses machine learning as well as real-time threat intelligence (TI) in its endeavors to ascertain phishing. The system employs the Multi-Layer Stacked Ensemble Learning Model (MLSELM) with TF-IDF-based features and gathers real-time data through threat intelligence APIs, including PhishTank and OpenPhish. The Flask server creates an interface that lets you make real-time alerts for multiple zero-day phishing URLs. This lets you use the ML model and combine the API outputs. This hybrid model makes it easier to respond to threats, lowers the risk of false negatives, and gives users better protection. Keyword- Phishing, Machine Learning, Threat Intelligence, Chrome Extension, MLSELM, Real-time Detection.

Introduction

Phishing attacks are increasingly sophisticated, frequently changing URLs, domain names, and content to bypass traditional security systems. Rule-based or blacklist approaches are ineffective against new, unseen threats. Machine learning (ML), particularly ensemble models like Random Forest, XGBoost, and Multilayer Stacked Ensemble Learning Model (MLSELM), has proven effective in detecting phishing through URL-based and content-based feature analysis. However, ML models struggle to identify zero-day phishing URLs not present in training data.

Proposed Hybrid System:
To address these limitations, the system integrates real-time Threat Intelligence (TI) feeds from platforms such as PhishTank and OpenPhish with the MLSELM framework. A Flask-based backend fuses predictions from the ML model and TI feeds, enabling adaptive, real-time detection of new phishing domains. The system is deployed as a Chrome Extension, providing immediate alerts and classifying URLs as Safe, Suspicious, or Phishing.

Key Features:

• ML Ensemble: Combines XGBoost and Random Forest via MLSELM for high accuracy and robust predictions.

• Real-Time Threat Intelligence: Validates URLs against verified phishing feeds to detect zero-day attacks.

• TF-IDF Feature Extraction: Captures lexical and structural URL patterns indicative of phishing.

• Hybrid Fusion Logic: Merges ML predictions and TI verification for improved accuracy and reduced false negatives.

• User Interface: Chrome Extension delivers real-time alerts with color-coded feedback (green = safe, red = phishing).

Datasets:

• Hybrid datasets from UCI ML Repository and Kaggle for training.

• Live phishing data from PhishTank and OpenPhish to simulate zero-day conditions.

Methodology:

1. Extract TF-IDF features from URLs.

2. Train ML models (XGBoost, Random Forest) individually and as part of MLSELM.

3. Fuse predictions with real-time TI feeds for adaptive detection.

4. Deploy backend via Flask, connected to a Chrome Extension for front-end user interaction.

Results:

• MLSELM + Threat Intelligence achieved 98.9% accuracy, outperforming individual classifiers.

• Reduced false negatives and enhanced zero-day phishing detection.

• Provides fast, scalable, and reliable real-time cybersecurity for everyday users.

Conclusion

This paper proposes a Hybrid MLSELM Threat intelligent system designed to detect phishing attacks with high accuracy by integrated ensemble machine learning with live threat verification feeds to deliver strong precision and resilience against zero-day phishing attempts. implemented as a chrome extension it provides users with real time reliable protection during wed browsing. The result demonstrate that the hybrid intelligence approach significance improves both detection precision and overall cybersecurity effectiveness

References

[1] M. Almousa and M. Anwar, \"A URL-based social semantic attacks detection with character-aware language model,\" *IEEE Access*, vol. 11, Jan. 2023. [2] M. Ok, I. Kara, and A. Ozaday, \"Characteristics of understanding URLs and domain names features: The detection of phishing websites with machine learning methods,\" *IEEE Access*, vol. 10, Nov. 2022. [3] O. K. Sahingoz, E. Buber, and E. Kugu, \"DEPHIDES: Deep learning based phishing detection system,\" *IEEE Access*, vol. 12, Jan. 2024 [4] A. Karim, S. B. Belhaouari, M. Shahroz, K. Mustofa, and S. R. Joga, \"Phishing detection system through hybrid machine learning based on URL,\" *IEEE Access*, vol. 11, Mar. 2023. [5] S. Bell and P. Komisarczuk, \"An analysis of phishing blacklists: Google Safe Browsing, OpenPhish, and PhishTank,\" in Proc. Australas. Comput. Sci. Week Multiconf. (ACSW), Melbourne, VIC, Australia. New York, NY, USA: Association for Computing Machinery, 2020, Art. no. 3. [6] M. Aminu, O. Oyedokun, A. Akinsanya, and D. Apaleokhai, “Enhancing Cyber Threat Detection through Real-time Threat Intelligence and Adaptive Defense Mechanisms,” Int. J. Comput. Appl. Technol. Res., vol. 13, no. 8, 2024. [7] L. Tang and Q. H. Mahmoud, \"A deep learning-based framework for phishing website detection,\" in Proc. IEEE, 2023. [8] R. Zieni, L. Massari, and M. C. Calzarossa, \"Phishing or not phishing? A survey on the detection of phishing websites,\" *IEEE Access*, vol. 11, ,2023. [9] C. Ma et al., \"Phishing website detection based on deep learning technique,\" IEEE Access, vol. 8, 2020 [10] “Staying Ahead of Phishers: A Review of Recent Advances and Phishing Detection,” Appl. Intell., Springer, 2024. [11] P. Maneriker, J. W. Stokes, E. G. Lazo, D. Carutasu, F. Tajaddodianfar, and A. Gururajan, \"URLTran: Improving phishing URL detection using transformers,\" IEEE, Jun. 2021. [12] W. Guo, Q. Wang, H. Yue, H. Sun, and R. Q. Hu, \"Efficient phishing URL detection using graph-based machine learning and loopy belief propagation,\" IEEE, Jan. 2025. [13] B. T. Mummadi and N. Puligundla, \"Detection of phishing websites using supervised learning,\" Int. J. Intell. Syst. Appl. Eng., 2022. [14] “Unveiling Suspicious Phishing Attacks: Enhancing Detection with an Optimal Feature Vectorization Algorithm,” Frontiers in Computer Science, 2024. [15] M. A. Daniel, S.-C. Chong, L.-Y. Chong, and K.-K. Wee, \"Optimising phishing detection: A comparative analysis of machine learning methods with feature selection,\" J. Informatics Web Eng., Feb. 2025. [16] Wenhao Li, S. Manickam, Y.-W. Chong, W. Leng, and P. Nanda, “A state-of-the-art review on phishing website detection techniques,” IEEE Access, vol. 12, Dec. 2024. [17] Machine Learning Techniques for Phishing Detection: Strengthening Threat Intelligence Sharing Mechanisms,” Security Journal, 2025. [18] D. J. Dsouza, A. P. Rodrigues, and R. Fernandes, \"Multi- modal comparative analysis on execution of phishing detection using artificial intelligence,\" IEEE Access, vol. 12, Nov. 2024. [19] A. Author1, B. Author2, and C. Author3, \"BGL- PhishNet: Phishing website detection using hybrid model— BERT, GNN, and LightGBM,\" IEEE Access, vol. 11, Dec. 2023 [20] B. Lim, R. Huerta, A. Sotelo, et al., “EXPLICATE: Enhancing Phishing Detection through Explainable AI and LLM-Powered Interpretability,” arXiv preprint arXiv:2503.20796, 2025 [21] A. Jain and V. Gupta, “A hybrid CNN-XGBoost model for phishing URL classification,” IEEE Access, vol. 12, 2024. [22] H. AlEroud and M. Karabatis, “Integrating threat intelligence with machine learning for cyberattack detection,” Computers & Security, Elsevier, 2023. [23] Z. Zhou, L. Han, and P. Kumar, “Real-time phishing detection using transformer-based feature encoding,” Expert Systems With Applications, vol. 236, 2024. [24] R. Shanthamallu et al., “Ensemble learning for cybersecurity threat detection: A survey,” ACM Computing Surveys, 2023 [25] A. Singh and M. Sharma, “A lightweight phishing detection model for browser extensions using ML and TI feeds,” Springer: Neural Computing & Applications, 2024.

Copyright

Copyright © 2025 Dr. Vairam T, Lakshmi Priya S. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.