Phishing is still one of the most common and dangerous cyberattacks. It tricks users through fake websites that look like real platforms. Traditional detection methods are based on blacklists or manual URL checks, which often miss newly created phishing sites. To overcome these issues, this work proposes a real-time phishing detection Google Chrome extension powered by a Gated Recurrent Unit (GRU) deep learning model.
The system captures the URL of a webpage and examines it using lexical and structural features like URL length and special characters. These features are normalized and analyzed by a trained GRU model that recognizes sequential URL patterns in order to classify links as legitimate or phishing. The trained model is converted to TensorFlow.js format and integrated directly into the browser extension, allowing prediction on the device without needing a server.
The main goal is to provide a lightweight, smart, and privacy-friendly phishing detection system that works entirely on the client side. By using GRU’s ability to find hidden sequential patterns, the system improves detection accuracy compared to older machine learning methods.
Experimental results show detection accuracy over 95%. This work highlights the uniqueness of combining GRU-based deep learning with a fully client-side browser extension, allowing for real-time, privacy-focused protection. The model can be retrained with new datasets to keep up with changing phishing strategies, providing a scalable and smart solution for modern web security.
Introduction
This study presents a real-time phishing detection system that uses a Gated Recurrent Unit (GRU)-based deep learning model integrated into a Google Chrome extension to identify malicious URLs. With the rapid growth of internet services and online transactions, phishing attacks have become a major cybersecurity threat, causing financial losses and compromising user privacy. Traditional detection methods, such as blacklists and rule-based systems, are limited in their ability to detect newly emerging phishing websites.
The proposed system analyzes the lexical and structural characteristics of URLs and processes them using a GRU neural network, which is effective at learning sequential patterns in character strings. The framework consists of several stages: URL dataset collection, feature extraction, preprocessing and normalization, GRU model training, evaluation, and deployment through TensorFlow.js for client-side execution. Key URL features include length, subdomains, special characters, IP usage, HTTPS presence, suspicious keywords, and URL-shortening indicators.
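The feature-extraction and normalization stages described above can be sketched as follows. This is an added example, not the paper's code: the keyword list, shortener list, scaling bounds, and the function names `extractFeatures` and `toVector` are illustrative assumptions.

```javascript
// Added example: the seven URL features named in the text, computed client-side.
// Keyword list, shortener list and scaling bounds are assumptions for illustration.
const SUSPICIOUS_KEYWORDS = ["login", "verify", "secure", "account", "update"];
const SHORTENERS = new Set(["bit.ly", "tinyurl.com", "t.co", "goo.gl"]);
const IPV4 = /^(\d{1,3})(\.\d{1,3}){3}$/;

function extractFeatures(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl); // WHATWG parser also canonicalizes hex/decimal IPv4 hosts
  } catch {
    return null; // unparsable input: the caller decides how to treat it
  }
  const host = u.hostname.toLowerCase();
  const isIp = IPV4.test(host) || host.startsWith("["); // IPv4 or bracketed IPv6
  const labels = host.split(".").filter(Boolean);
  const lower = rawUrl.toLowerCase();
  return {
    length: rawUrl.length,
    // Labels left of the last two; a naive stand-in for public-suffix-aware parsing.
    subdomains: isIp ? 0 : Math.max(labels.length - 2, 0),
    specialChars: (rawUrl.match(/[@\-_%=?&~]/g) || []).length,
    usesIp: isIp ? 1 : 0,
    https: u.protocol === "https:" ? 1 : 0,
    keywords: SUSPICIOUS_KEYWORDS.filter((k) => lower.includes(k)).length,
    shortener: SHORTENERS.has(host) ? 1 : 0,
  };
}

// Min-max scale the count features into [0, 1], clipping at assumed upper bounds,
// so that every input to the model lies in the same range as the binary flags.
const BOUNDS = { length: 200, subdomains: 5, specialChars: 20, keywords: 5 };
function toVector(f) {
  const scale = (k) => Math.min(f[k] / BOUNDS[k], 1);
  return [scale("length"), scale("subdomains"), scale("specialChars"),
          f.usesIp, f.https, scale("keywords"), f.shortener];
}
```

The scaling bounds used at inference time must match those used when the model was trained; otherwise the same URL produces a different input vector in the browser than it did in training.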
A balanced dataset of 10,000 URLs (5,000 phishing and 5,000 legitimate) was used for training and testing. The GRU model architecture includes a GRU layer with 64 hidden units, dropout regularization, dense layers, and a sigmoid output layer for binary classification. The trained model was embedded into a Chrome extension that automatically scans visited URLs and provides real-time alerts indicating whether a website is safe, suspicious, or phishing.
Experimental results demonstrate strong performance, achieving 95.8% accuracy, 95.1% precision, 94.6% recall, and 94.8% F1-score. The confusion matrix showed low false-positive and false-negative rates, confirming the model’s effectiveness. Compared to traditional blacklist-based and rule-based approaches, the GRU-based system provides better adaptability to new phishing threats while maintaining user privacy through local browser-based inference. Overall, the proposed framework offers an accurate, scalable, and privacy-preserving solution for real-time phishing detection in modern web environments.
Conclusion
This paper introduced a real-time phishing website detection system that uses a Gated Recurrent Unit (GRU) deep learning model in a Chrome browser extension. Unlike traditional blacklist and rule-based detection methods, the proposed system examines lexical and structural URL features to find hidden phishing patterns. A GRU network allows for effective sequential pattern learning, which improves detection accuracy and lowers misclassification.
Experimental evaluation showed that the model achieved an accuracy of 95.8%, along with high precision and recall values, proving its ability to reliably separate phishing URLs from legitimate websites. Moreover, deploying the trained model with TensorFlow.js allows it to run on the client side in the browser, which ensures real-time detection, better privacy, and independence from third-party APIs or external servers. The developed system offers a lightweight, scalable, and practical solution for protecting users against rising phishing attacks in modern web environments.