Edited Phishing Domains Detection Using Deep Learning

This research proposes a hybrid deep learning model combining Convolutional Neural Networks (CNN) and Gated Recurrent Units (GRU) to detect phishing domains, addressing the increasing threat of phishing attacks in the digital age. The study evaluates the performance of standalone and hybrid models on small and large datasets, demonstrating that the CNN-GRU model outperforms individual models in accuracy. The findings highlight the necessity for advanced detection techniques to combat the evolving nature of phishing attacks.

Detection of Phishing Domains Using Hybridised Deep Learning Techniques

T J Ayo, The Federal University of Technology, Nigeria.
O D Alowolodu, The Federal University of Technology, Nigeria.

Abstract

Over the years, attackers have launched a series of attacks in order to steal from users, and one of the most prevalent is the phishing attack. Phishing has become alarming; various approaches have been used to curb this menace, but none has actually provided the best solution to this threatening cybercrime, and therefore the need for better system tools to counter such approaches is paramount. This research proposes the use of deep learning techniques, namely Convolutional Neural Networks (CNN), Gated Recurrent Units (GRU), and hybrid models of CNN-GRU, in detecting phishing domains. The efficient feature extraction abilities of CNNs help in exploiting URL structures where spatial relations exist, whilst the sequential structure of domain names is modeled using GRUs. In the CNN-GRU model, their integration allows the local pattern detection of the CNN to be meshed with the long-sequence modeling of the GRU for better accuracy. All models are evaluated on standard phishing datasets with performance metrics such as Detection Rate (DR), Precision, Recall, F1-Score, and Accuracy. The system utilized two datasets, one small and one large. On the small dataset, the hybrid CNN-GRU model showed better resilience against phishing attempts than its singular counterparts, with an accuracy of 0.9440, while CNN achieved 0.9337 and GRU 0.9402. On the larger dataset, CNN outperformed the other two models with an accuracy of 0.9382, while GRU had 0.9026 and CNN-GRU settled for 0.9261.

The primary aim of this paper is to evaluate the standalone models and the hybridized model on two datasets (small and large) to determine on which of the datasets they perform better in detecting phishing attacks.

Keywords: Deep Learning; Hybrid Approach; Phishing Domains Detection.

1. Introduction

In the 21st century, the growing demand for technology and the desire to connect globally have significantly increased user reliance on digital media [1], [2]. While digitization offers convenience, this dependence can become hazardous over time [3]. While digital media enables us to connect with others and gain knowledge across various interests, the increasing reliance on technology and the widespread use of devices connected to the internet have also heightened our vulnerability to cyberattacks. The growth of the Internet of Things (IoT) and other emerging technologies has introduced new vulnerabilities, emphasizing the need for individuals and organizations to remain vigilant against cyber threats [4], which pose significant dangers to regular users [5]. Phishers primarily exploit familiarity through social engineering, capitalizing on users' psychological and behavioral tendencies [6].

Typically, a phishing attack starts with an email that appears to come from an authentic source and requests that the victim update user information through the link sent. Phishers use many different techniques to initiate phishing attacks; the main methods used are email, SMS, social media, instant messaging, search engines, and malicious websites [7]. Spear phishing is a highly targeted form of phishing attack [7]. Rather than sending phishing emails to just anyone, the phisher sends spoofed emails to consumers that appear to originate from somebody they know [8]. Attackers have proven that relying solely on legal frameworks to curb phishing crimes is insufficient. This highlights the need to detect malicious domains through their URLs and contents, using robust techniques to detect and prevent such attacks, hence the proposed deep learning techniques.

2. Literature Review

The significant growth of internet usage has led to its proliferation by attackers. Phishing has been a significant form of attack due to the level of awareness of the victims about cyber ethics.
Various approaches have been employed to curb this menace, among them the traditional approach and the machine learning approach.

2.1 Traditional Approach

Blacklisting methods, content-based methods, heuristic approaches, and conventional machine learning techniques have been proposed to prevent phishing attacks, as highlighted by [9]. Heuristic-based approaches detect abnormalities on a website by applying a collection of rules derived from long-term observation. The challenge with this method is its tendency to produce high false positives. Blacklisting and heuristic approaches were the known methods for phishing domain detection. Phishing solutions like PhishTank still make use of these techniques today. However, considering the time to detect, confirm and publish malicious URLs in the database. To address the shortcomings of the traditional methods, researchers have turned to machine learning approaches for phishing detection.

2.2 Machine Learning Approach

Because machine learning can learn from large data and accurately predict outcomes, it has become a better choice than the traditional methods that were in use. However, machine learning methods usually use feature selection to extract sensitive information. When the URL-based features are converted to a feature vector, those features can be directly applied to a machine learning algorithm.

Research by [10] tackled the challenge of detecting phishing websites using machine learning techniques. The higher accuracy of the Random Forest model demonstrates its robustness and ability to handle the complexity of phishing detection. However, the work could not handle large datasets, as there is a tendency for the model's performance to degrade. This suggests that while Random Forests are highly accurate in controlled scenarios, they may struggle with scalability.

A work by [11] introduced a "Next Generation Phishing Detection and Prevention System" using machine learning techniques. To achieve this, they developed models using Random Forests (RF), Decision Trees (DT), and Logistic Regression (LR). Additionally, they created an automatic Chrome plugin that acts as a one-stop solution by identifying and classifying URLs as either malicious or safe. Their findings revealed that the Random Forest classifier outperformed the other models, delivering the highest accuracy with fewer false negative results. To achieve the high accuracy results, they had to prune the Random Forest model, a process that was both complex and time-consuming.

The paper by [12], “Effective Phishing Emails Detection Method,” presents a robust approach to detecting phishing emails by leveraging advanced feature extraction and selection techniques. The core of their method lies in the use of the Term Frequency-Inverse Document Frequency (TF-IDF) scheme, which is a well-established technique for weighting features in text data. This approach effectively highlights the importance of specific terms in an email relative to their occurrence across a larger corpus, thus aiding in distinguishing phishing emails from legitimate ones. The Random Forest (RF) algorithm employed in their study achieved an impressive accuracy of 99.46%, which is particularly noteworthy given that it was applied to a validated dataset.

In [13], “Phishing Attacks: A Recent Comprehensive Study and a New Anatomy,” the research aims to evaluate phishing attacks by identifying the current state and reviewing existing phishing techniques. This anatomy provides a wider outlook for phishing attacks and provides an accurate definition covering end-to-end exclusion and realization of the attack. The study classified phishing attacks according to fundamental phishing mechanisms and countermeasures, discarding the importance of the end-to-end lifecycle of phishing.

In [14], “Using a Machine Learning Model for Malicious URL Type Detection” (2022), the research aims at developing automatic detection of malicious URLs using machine learning approaches. The method employs random forest and decision tree as core mechanisms and is evaluated on a combined benign and malicious URL dataset. The k-fold cross-validation technique was applied to the dataset and used a 30/70 ratio for the testing/training subsets. Selected feature sets applied on supervised classification on a ground truth dataset yield a classification accuracy of 97% with a low false positive rate.

The paper by [15], titled “Phishing Email Detection Based on Binary Search Feature Selection,” explores an innovative approach to detecting phishing emails using Binary Search Feature Selection (BSFS) in combination with a Pearson correlation coefficient algorithm for ranking features. The detection process itself relied on the BSFS algorithm, which has proven to be effective in many phishing detection studies. While more complex feature selection methods may enhance detection accuracy, they may also introduce practical challenges related to computational resources and processing time.

All these necessitated the proposed deep learning approach.
2.3 Deep Learning Approach

Deep learning is a subset of machine learning that uses multilayered neural networks, called deep neural networks, to simulate the complex decision-making power of the human brain, and some form of deep learning powers most of the artificial intelligence (AI) applications in our lives today [16]. Some examples of deep learning systems are image classification (CNN is used for such a task), Natural Language Processing (GRU, LSTM and Transformer models are best for such a task), Autonomous Driving (CNN can be best used for such a task), Time-series Prediction (RNN, GRU and LSTM algorithms predict future values from past temporal data), and Robotics and Control Systems (Deep Q-networks and Policy Gradient Methods are used for such tasks). For phishing detection systems, algorithms such as 1D-CNN, GRU and LSTM have over time proven to be amongst the best deep learning models for prediction.

A work by [17] explores the use of Convolutional Neural Networks (CNN) for phishing detection. The study involved converting feature vectors into images, using a dataset of 1,353 real-world URLs with 10 features, sourced from the UCI Machine Learning Repository. The CNN model achieved a classification accuracy of 86.5%. Despite the small dataset, the 2D CNN showed suboptimal performance with an accuracy of 86.5%.

The work in [18] focused on developing three deep learning algorithms (CNN, Logistic Regression, and Linear Regression) for detecting phishing attacks. The researcher utilized 10,000 legitimate and 10,000 phishing websites from the PhishTank platform and developed the models using Amazon EMR. In terms of performance, Logistic Regression achieved the highest accuracy at 99.97%, followed by CNN at 98.00%, and Linear Regression at 96.62%.

2.3 Hybrid Approach

In [19], a hybrid deep learning approach was employed: CNN and LSTM models were used to detect spoofing website URLs in real-time applications. The study leveraged the combined strengths of CNN and LSTM for improved detection accuracy. The implementation was done using Keras, Tensorflow, Pandas, Numpy, and Scikit-learn. The hybrid CNN-LSTM model achieved superior performance, with 98.9% accuracy on the UCL dataset and 96.8% accuracy on the Phishing dataset. In comparison, standalone CNN and LSTM models yielded lower accuracies: CNN achieved 90.4% (UCL) and 89.3% (Phishing), while LSTM reached 94.6% (UCL) and 92.6% (Phishing). The datasets used were small, with the UCL dataset consisting of 20 rows and 31 columns, and the PhishTank dataset consisting of 10 rows and 112 columns.

The study in [20] introduces a novel hybrid approach for phishing URL detection using Long Short-Term Memory (LSTM) and Gated Recurrent Units (GRU). The research explores three non-hybrid deep learning models (CNN 1D, LSTM, and GRU) and four hybrid models (GRU-LSTM, LSTM-LSTM, BI(GRU)-LSTM, and BI(LSTM)-LSTM). A dataset comprising 58,645 samples with 111 features was used. The BI(GRU)-LSTM hybrid model emerged as the best performer, achieving an accuracy of 93.91%, precision of 93.94%, recall of 93.38%, and an F1-Score of 93.66%. However, the model's accuracy declined with the validated datasets, indicating that it did not generalize well during training.

3. Methodology

A comprehensive review of the existing phishing detection system was carried out. The phishing detection methodology involves a series of processes, including collection of datasets, pre-processing, feature extraction methods for selecting the required set of features, and deep learning (DL) classifiers for classifying the input data into defined data categories. The data for the research was obtained from kaggle.com; the Phishing_1 (small) and Phishing_legitimate_full (large) datasets were used to train and test the model. The large dataset contains 111 features from 88648 webpage instances, while the small dataset contains 48 features extracted from 10001 webpage instances. Thereafter, the collected data was pre-processed using the min-max method for data normalization, to scale the values of the phishing data into a specified range of zero (0) to one (1), as captured in equation (1):

$$v' = \frac{v - \min_a}{\max_a - \min_a} \qquad (1)$$

where $v'$ represents the normalized value, $v$ denotes the observed value (that is, the value to be normalized), and $\max_a$ and $\min_a$ are the maximum and minimum values of attribute $a$ respectively. After normalization, feature selection was applied on the normalized data to select relevant phishing data using information gain. The information is compiled by determining the entropy of the entire training data ($T$). This process involves computing the probability of the data with respect to the classes in the data, as captured in equations (2) and (3):
$$p_i = \frac{|c_i, T|}{|T|} \qquad (2)$$

$$E(T) = -\sum_{i=1}^{m} p_i \log_2 p_i \qquad (3)$$

where $T$ is the training set, $p_i$ represents the probability that a sample in $T$ belongs to a distinct class $c_i$, $E(T)$ represents the entropy of $T$, and $m$ represents the total number of distinct classes in $T$.

In this study, dropout was used inside the deep learning models to reduce overfitting by randomly removing certain features, setting them to zero.

The reduced feature set is passed into the three (3) deep learning models concurrently for training and testing.

Figure 1. Proposed System Architecture (Chandrasekaran and Kalla 2023)

3.1 Data Split

The process involves splitting the dataset into training and test sets using a splitting ratio of 70:30. The training set was apportioned 70% of the dataset while the test set took the remaining 30%. Hence, for Phishing_1 the instance count for training is 62,053, while that for testing is 26,595. For Phishing_Legitimate_full, 7,000 instances were used for training and 3,000 were used for testing.

A. Convolutional Neural Network (CNN)

A Convolutional Neural Network (CNN) is a specialized type of deep learning neural network that is particularly well-suited for tasks involving grid-like data structures, such as images and video. A 1D Convolutional Neural Network was used for phishing domain classification; the first input was a 1D CNN, which was applied to effectively capture patterns and features from the sequential input data, as represented in equation (4).

$$c_i = \mathrm{ReLU}(\mathrm{Conv1D}(e, w_i, b_i)) \qquad (4)$$

where $e$ is the input, $c_i$ is the output of the $i$-th convolutional layer, $w_i$ and $b_i$ are the convolutional filter weights and biases, respectively, and Conv1D performs the 1-dimensional convolution operation across the input sequence $e$.

B. Gated Recurrent Unit (GRU)

The Gated Recurrent Unit (GRU) is a type of recurrent neural network (RNN) architecture designed to model sequential data, much like the Long Short-Term Memory (LSTM) network. However, GRU offers a simpler and more computationally efficient architecture. While LSTM maintains a separate memory cell state that is updated through three gates (input, output, and forget gates), GRU streamlines this process by using only two gates: the reset gate and the update gate. The reset gate controls the amount of the previous hidden state to forget, and the update gate determines how much of the new information should be incorporated into the hidden state.

$$\hat{y} = \sigma(W_o \cdot h_T + b_o) \qquad (5)$$

where $W_o$ and $b_o$ are the weights and biases of the output layer. After processing the entire sequence of features, the final hidden state $h_T$ (where $T$ is the sequence length) is used as input to a fully connected layer followed by a sigmoid activation function ($\sigma$) to output the probability of the domain being phishing.

C. Hybrid CNN-GRU

Detecting phishing domains using a CNN-GRU (Convolutional Neural Network - Gated Recurrent Unit) involves combining the capabilities of both architectures to process sequential data effectively. The entire model is trained end-to-end using backpropagation and optimization techniques such as gradient descent (Adam). This approach involves using the shared layer of the two models. To achieve this, the CNN is used for feature extraction and the GRU model is used for classification.

Figure 5. Hybridized CNN-GRU Architecture (Yerima et al., 2021)
To achieve the above model in Figure 5, the following steps are to be applied.

i. Input Layer:

Let the input domain data be represented as a sequence of characters or words:

$$X = \{x_1, x_2, x_3, \ldots, x_T\} \qquad (6)$$

where $T$ is the length of the input sequence (e.g., the domain name).

ii. Embedding Layer:

The input is passed through an embedding layer to transform it into a continuous vector space:

$$E(X) = \{e_1, e_2, e_3, \ldots, e_T\} \qquad (7)$$

where $e_i \in \mathbb{R}^d$ is the embedded vector representation of the $i$-th input element, and $d$ is the dimensionality of the embedding space.

iii. CNN Layers:

Convolutional Layer: The input to the convolutional layer is the embedded sequence $E(X)$. The 1D convolution operation applies a filter $W$ of size $k$ (kernel size) to extract local features:

$$h_t = f(W \cdot E(x_{t:t+k}) + b) \qquad (8)$$

where $W$ is the convolution filter, $b$ is the bias, $f$ is a non-linear activation function (ReLU), and $t:t+k$ represents a window of $k$ elements.

Max Pooling Layer: Max pooling is applied to reduce the dimensionality and retain the most important features:

$$p_t = \max(h_{t:t+m}) \qquad (9)$$

where $m$ is the pooling size.

iv. Flatten:

After the convolution and max-pooling layers, the resulting feature map is flattened into a 1D vector:

$$F = \mathrm{flatten}(\{p_1, p_2, \ldots, p_n\}) \qquad (10)$$

where $n$ is the number of features after pooling.

v. GRU Layer:

The flattened output is passed through a GRU layer to capture sequential dependencies. In the GRU, the following operations occur at each time step $t$:

$$z_t = \sigma(W_z \cdot [h_{t-1}, x_t]) \qquad (11)$$

$$r_t = \sigma(W_r \cdot [h_{t-1}, x_t]) \qquad (12)$$

$$\tilde{h}_t = \tanh(W_h \cdot [r_t \odot h_{t-1}, x_t]) \qquad (13)$$

$$h_t = (1 - z_t) \odot h_{t-1} + z_t \odot \tilde{h}_t \qquad (14)$$

Here, $z_t$ is the update gate, $r_t$ is the reset gate, $\tilde{h}_t$ is the candidate activation, and $h_t$ is the final hidden state.

vi. Dense Layers:

The GRU's final hidden state $h_T$ is passed through one or more dense layers:

$$d = f(W_d \cdot h_T + b_d) \qquad (15)$$

where $W_d$ is the weight matrix, $b_d$ is the bias, and $f$ is a non-linear activation function.

vii. Output Layer:

The final dense layer output is passed through a sigmoid function to obtain a probability for binary classification (phishing or legitimate):

$$\tilde{y} = \sigma(W_o \cdot d + b_o) \qquad (16)$$

where $W_o$ is the weight matrix of the output layer, and $\sigma$ is the sigmoid function.

3.3 Evaluation Metrics

The performance evaluation of the model was carried out based on the following metrics:

$$ACC = \frac{TP + TN}{TP + TN + FP + FN} \qquad (17)$$

$$Precision = \frac{TP}{TP + FP} \qquad (18)$$

$$Recall = \frac{TP}{TP + FN} \qquad (19)$$

$$F1 = \frac{2 \cdot (Recall \cdot Precision)}{Recall + Precision} \qquad (20)$$

where True Positive (TP) represents attack data detected as attack, True Negative (TN) represents normal data detected as normal, False Positive (FP) represents normal data detected as attack, and False Negative (FN) denotes attack data detected as normal.
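The pre-processing described at the start of the Methodology, min-max scaling (equation 1) followed by information-gain ranking built on the entropy of equations (2) and (3), is worked through below as an added Python example; it is not the authors' code. The feature names and values are constructed, and the equal-width binning used to compute the gain of a continuous attribute is an assumption, since the page does not state how attributes are discretised.

```python
import math
from collections import Counter

# Constructed sample: 8 pages, 3 hypothetical feature columns, label 1 = phishing.
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]
TABLE = {
    "url_length":   [90, 75, 82, 110, 30, 25, 41, 38],
    "num_dots":     [3, 2, 4, 1, 1, 2, 1, 3],
    "static_field": [7, 7, 7, 7, 7, 7, 7, 7],
}


def min_max(column):
    """Equation (1): v' = (v - min_a) / (max_a - min_a), so v' lies in [0, 1]."""
    lo, hi = min(column), max(column)
    if hi == lo:  # constant attribute: the denominator would be zero
        return [0.0] * len(column)
    return [(v - lo) / (hi - lo) for v in column]


def entropy(labels):
    """Equations (2) and (3): p_i = |c_i, T| / |T|, E(T) = -sum(p_i * log2 p_i)."""
    total = len(labels)
    return sum(-(n / total) * math.log2(n / total) for n in Counter(labels).values())


def information_gain(column, labels, bins=4):
    """Gain = E(T) - sum(|T_b| / |T| * E(T_b)) over equal-width bins of v'.

    The page names information gain but not the discretisation; the
    equal-width binning (and bins=4) is an assumption of this example.
    """
    groups = {}
    for v, y in zip(column, labels):
        b = min(int(v * bins), bins - 1)  # v' == 1.0 belongs to the last bin
        groups.setdefault(b, []).append(y)
    remainder = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - remainder


def select_features(table, labels, keep):
    """Normalise every column, rank by information gain, keep the top `keep`."""
    normalized = {name: min_max(col) for name, col in table.items()}
    gains = {name: information_gain(col, labels) for name, col in normalized.items()}
    ranked = sorted(gains, key=gains.get, reverse=True)
    return ranked[:keep], gains


if __name__ == "__main__":
    kept, gains = select_features(TABLE, LABELS, keep=2)
    for name in sorted(gains, key=gains.get, reverse=True):
        status = "kept" if name in kept else "dropped"
        print(f"{name:12s} gain={gains[name]:.4f} {status}")
```

A constant column carries no information about the class, so it normalises to all zeros and ranks last with a gain of zero.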
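The layer sequence of steps i to vii (equations 6 to 16) is traced end to end below in plain Python, as an added example that is not the authors' implementation. The weights are constructed and untrained, so the output only shows how a domain string flows through the layers; the alphabet, layer sizes, pooling stride, ReLU in the dense layer and feeding the flattened vector to the GRU one value per time step are assumptions.

```python
import math
import random

# Characters allowed in a hostname; index 0 is reserved for padding/unknown.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-."


def sigmoid(v):
    return 1.0 / (1.0 + math.exp(-v))


def dot(w, v):
    return sum(a * b for a, b in zip(w, v))


def matvec(W, v):
    return [dot(row, v) for row in W]


def encode(domain, length):
    """(6) X = {x_1..x_T}: character ids, truncated or zero-padded to T."""
    ids = [ALPHABET.find(ch) + 1 for ch in domain.lower()[:length]]
    return ids + [0] * (length - len(ids))


def embed(ids, table):
    """(7) E(X) = {e_1..e_T}, each e_i a d-dimensional row of the table."""
    return [table[i] for i in ids]


def conv1d_relu(seq, filters, biases, k):
    """(8) h_t = ReLU(W . E(x_{t:t+k}) + b), one channel per filter."""
    out = []
    for t in range(len(seq) - k + 1):
        window = [v for vec in seq[t:t + k] for v in vec]  # k*d values
        out.append([max(0.0, dot(W, window) + b) for W, b in zip(filters, biases)])
    return out


def max_pool(fmap, m):
    """(9) p_t = max(h_{t:t+m}); a stride of m is assumed here."""
    return [[max(col) for col in zip(*fmap[t:t + m])]
            for t in range(0, len(fmap) - m + 1, m)]


def flatten(pooled):
    """(10) F = flatten of the pooled map into one 1D vector."""
    return [v for row in pooled for v in row]


def gru_step(h_prev, x, Wz, Wr, Wh):
    """(11)-(14), without bias terms, as the page writes them."""
    hx = h_prev + x                                       # [h_{t-1}, x_t]
    z = [sigmoid(a) for a in matvec(Wz, hx)]              # update gate
    r = [sigmoid(a) for a in matvec(Wr, hx)]              # reset gate
    gated = [ri * hi for ri, hi in zip(r, h_prev)] + x    # [r_t (.) h_{t-1}, x_t]
    cand = [math.tanh(a) for a in matvec(Wh, gated)]      # candidate state
    return [(1 - zi) * hi + zi * ci for zi, hi, ci in zip(z, h_prev, cand)]


def init_params(seed=7, d=4, k=3, n_filters=3, hidden=5, dense=4):
    """Constructed, untrained weights: enough to trace shapes, not to classify."""
    rng = random.Random(seed)

    def u(n):
        return [rng.uniform(-0.5, 0.5) for _ in range(n)]

    return {
        "k": k, "m": 2,
        "embedding": [u(d) for _ in range(len(ALPHABET) + 1)],
        "filters": [u(k * d) for _ in range(n_filters)], "conv_b": u(n_filters),
        "Wz": [u(hidden + 1) for _ in range(hidden)],
        "Wr": [u(hidden + 1) for _ in range(hidden)],
        "Wh": [u(hidden + 1) for _ in range(hidden)],
        "Wd": [u(hidden) for _ in range(dense)], "bd": u(dense),
        "Wo": u(dense), "bo": 0.0,
    }


def features(domain, p, length=24):
    """Steps i-iv: encode, embed, convolve, pool, flatten."""
    seq = embed(encode(domain, length), p["embedding"])
    return flatten(max_pool(conv1d_relu(seq, p["filters"], p["conv_b"], p["k"]), p["m"]))


def predict(domain, p, length=24):
    """Steps v-vii: GRU over F, dense layer (15), sigmoid output (16)."""
    h = [0.0] * len(p["Wz"])
    for f in features(domain, p, length):  # assumption: one value of F per time step
        h = gru_step(h, [f], p["Wz"], p["Wr"], p["Wh"])
    d = [max(0.0, a + b) for a, b in zip(matvec(p["Wd"], h), p["bd"])]  # f = ReLU (assumed)
    return sigmoid(dot(p["Wo"], d) + p["bo"])


if __name__ == "__main__":
    params = init_params()
    for name in ("example.com", "examp1e-login.example.net"):  # constructed inputs
        print(name, len(features(name, params)), round(predict(name, params), 4))
```

With all GRU weights at zero both gates sit at 0.5 and the candidate state is 0, so each step halves the previous hidden state; this is a quick sanity check for any implementation of equations (11) to (14).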
4. Results and Discussion

4.1 Training Results

The training results were used to determine the accuracy and loss during training of the models on the 70% of the datasets apportioned for training, to ascertain whether the models are learning, as shown in Figure 6 to Figure 8.

Loss: The loss started higher in the initial epochs and decreased over time, indicating that the model is learning and its predictions are becoming more accurate.

Accuracy: The accuracy started lower and increased with each epoch, reflecting improvement in the model's performance.

Figure 6: Training Result for GRU

Figure 7: Training Result for CNN

Figure 8: Training Result for CNN-GRU

4.2 Test Result

This section comprises analysis of the test results for the two datasets.

A confusion matrix is a summary of predicted results on classification. It shows the number of phishing and non-phishing samples, categorized by class, making it useful for understanding the performance of a classification.

The ROC curve gives an understanding of the trade-offs between true positive and false positive.

A. Confusion matrix and ROC Curves for Phishing_legitimate_full

The confusion matrices and ROC curves for the Phishing_legitimate_full dataset are shown in Figure 9 to Figure 14; they are graphical representations of the confusion matrices and ROC curves, whose results are summarized in Figure 22.

Figure 9: Confusion matrix for CNN on Phishing_Legitimate_full

Figure 10: ROC Curve for CNN on Phishing_Legitimate_full

Figure 11: Confusion matrix for GRU on Phishing_Legitimate_full

Figure 12: ROC curve for GRU on Phishing_Legitimate_full

Figure 13: Confusion matrix for CNN-GRU on Phishing_Legitimate_full

Figure 14: ROC curve for CNN-GRU on Phishing_Legitimate_full

B. Confusion matrix and ROC Curves for Phishing_1

The confusion matrices and ROC curves for the Phishing_1 dataset are shown in Figure 16 to Figure 21. They show how the confusion matrices and ROC were used for evaluation of the models, and the ROC curve shows the graph of true positive against true negative. The result is summarized in Figure 22.

Figure 16: Confusion Matrix on CNN for Phishing_1

Figure 17: ROC for CNN on Phishing_1

Figure 18: Confusion Matrix on GRU for Phishing_1

Figure 19: Confusion Matrix on GRU for Phishing_1

Figure 20: Confusion Matrix for CNN-GRU on Phishing_1

Figure 21: ROC for CNN-GRU on Phishing_1

Table 1: Test Result from the two Datasets

4.3 Result Comparison and Discussion


Figure 22 is a tabular representation of the results obtained from both datasets using the appropriate evaluation techniques.
[Chart "Result Comparison": DR, Recall, F1-score and Accuracy for CNN, GRU and CNN-GRU on Phishing_1 and on Phishing_Legitimate_full, both from Kaggle.com]
Figure 21: Graph for Test Result Comparison

4.4 Discussion of Test Results

The results present the performance of three models (CNN, GRU, and CNN-GRU) across two phishing datasets from Kaggle: Phishing_1 and Phishing_Legitimate_full. The metrics used for evaluation are Detection Rate (DR), Recall, F1-Score, and Accuracy.

1. Phishing_1 Dataset

CNN Model: This model exhibits a high Recall (0.9746), which means it performs well in identifying true positive phishing URLs of phishing domains. The F1-Score of 0.9377 and an Accuracy of 0.9337 indicate that the CNN model balances precision and recall effectively, suggesting that the model is robust in distinguishing between phishing and legitimate URLs.

GRU Model: The GRU model shows a Detection Rate (DR) of 0.9444, which is slightly higher than CNN’s 0.9035. However, the Recall (0.9388) is marginally lower than CNN’s. With an F1-Score of 0.9416 and an Accuracy of 0.9402, the GRU model performs slightly better overall than CNN in terms of Accuracy and F1-Score, showcasing its ability to effectively model sequential data.

CNN-GRU Hybrid Model: The CNN-GRU model combines the strengths of both CNN and GRU, yielding the best overall performance in this dataset. It achieves the highest Detection Rate (0.9506), F1-Score (0.9450), and Accuracy (0.9440). This indicates that the hybrid model effectively captures both spatial features (through CNN) and sequential dependencies (through GRU), making it more effective for phishing URL detection in the Phishing_1 dataset.

2. Phishing_Legitimate_full Dataset

CNN Model: The CNN model shows strong performance in this dataset as well, with an Accuracy of 0.9382 and an F1-Score of 0.9100. However, compared to the Phishing_1 dataset, its Recall is lower (0.9084), suggesting it is slightly less effective at identifying true positive phishing URLs in this dataset.

GRU Model: The GRU model shows a decrease in performance here, with a DR of 0.8462 and a Recall of 0.8760. The Accuracy drops to 0.9026, which is significantly lower compared to its performance in the Phishing_1 dataset. This suggests that the GRU model struggles more with this dataset, likely due to its complexity or differences in data distribution.

CNN-GRU Hybrid Model: In this dataset, the CNN-GRU hybrid model continues to outperform GRU but not CNN. The hybrid model achieves a Recall of 0.9414, which is the highest among all models for this dataset, indicating its strong ability to identify phishing URLs. The Accuracy (0.9261) and F1-Score (0.8975) are lower than CNN’s, but it still strikes a balance between precision and recall.

The CNN-GRU hybrid model consistently outperforms the individual CNN and GRU models in the Phishing_1 dataset, indicating that combining convolutional and recurrent layers offers better performance for phishing URL detection. This is likely due to the hybrid model’s ability to capture both spatial features and sequential dependencies.

In the Phishing_Legitimate_full dataset, while CNN shows strong performance, the hybrid model’s higher Recall (0.9414) suggests that it excels in phishing detection, though at the cost of a slightly lower F1-Score and Accuracy compared to CNN.

The GRU model performs notably worse in the Phishing_Legitimate_full dataset compared to Phishing_1, which may indicate that it struggles with more complex or diverse datasets.

The results indicate that while CNN and GRU models perform well individually, the CNN-GRU hybrid model provides superior performance in detecting phishing domains, particularly in datasets like Phishing_1 where both spatial and temporal information is crucial. However, the performance difference in the Phishing_Legitimate_full dataset suggests that dataset characteristics can significantly influence the models' effectiveness, and further tuning may be required to optimize model performance across different datasets.

5. Conclusion

As phishing techniques become increasingly sophisticated, the combination of deep learning and cybersecurity will be crucial in staying ahead of cybercriminals and protecting critical digital assets from exploitation. The results from the two datasets show that standalone models are more efficient on large datasets, while the hybridized model had a noticeable advantage over the standalone models when small data is involved.

6. Future work

To enhance detection systems further, ensembling approaches can be applied. Also, deep learning models such as GRUs and CNNs usually operate as black boxes, making it difficult to explain why a particular domain or email was flagged as phishing; explainability tools such as LIME (Local Interpretable Model-agnostic Explanations) or SHAP (Shapley Additive explanations) can be integrated to provide insights into which features or parts of the domain name/URL influenced the model’s decision.

7. References

[1] Mathura, K., & Arunkumar, V. (2023). Cyber security in the age of digitalization. International Journal of Computer Applications, 178(5), 12–17.

[2] Pinki, A. (2019). Digital media and its effects on society. Journal of Digital Media Studies, 9(2), 45–53.

[3] Shankhwar, P. (2023). Hazards of over-reliance on digital technologies. Journal of Cyber Psychology, 7(1), 22–29.

[4] Shweta, R., Chaudhary, R., & Bhattacharya, A. (2021). Understanding the dual nature of digital technologies. International Journal of Information Technology, 13(2), 100–110.

[5] Saqib, M., Ali, M., & Gupta, R. (2023). Vulnerabilities in the age of IoT: An analysis. Journal of Internet Security, 15(3), 150–158.

[6] Andy, T. (2023). Cybersecurity in emerging technologies. Tech Insights, 8(4), 45–52.

[7] Prenali, A., & Soni, R. (2023). Cyber threats to everyday users. Cybersecurity Journal, 6(1), 70–78.

[8] Alessandro, L. (2020). Social engineering in cyber attacks. Cybersecurity Review, 11(2), 102–107.
[9] Apandi, S. H., Sallim, J., & Sidek, R. (2020). Types of anti-phishing solutions for phishing attack. IOP Conference Series: Materials Science and Engineering, 769(1), 012072. https://doi.org/10.1088/1757-899X/769/1/012072

[10] Alnemari, S., & Alshammari, M. (2023). Detecting phishing domains using machine learning. Applied Sciences, 13(8), 4649. https://doi.org/10.3390/app13084649

[11] Tyagi, S., Tyagi, R. K., Dutta, P. K., & Dubey, P. (2023). Next generation phishing detection and prevention system using machine learning. In 2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC). IEEE. https://doi.org/10.1109/ICAISC56366.2023.10085529

[12] Dalia, M., Rahman, H., & Iftikhar, M. (2021). Detecting malicious URLs using machine learning techniques: Review and research directions. ACM Computing Surveys, 54(6), 1–35. https://doi.org/10.1145/3447945

[13] Zainab, A., Sadiq, M., & Babar, M. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Journal of Computer Networks and Communications, 2021, Article ID 8843635. https://doi.org/10.1155/2021/8843635

[14] Suet, P., Lim, Y., & Chua, Y. (2022). Using a machine learning model for malicious URL type detection. Journal of Network and Computer Applications, 205, 103317. https://doi.org/10.1016/j.jnca.2022.103317

[15] Sonowal, G. (2020). Phishing email detection based on binary search feature selection. SN Computer Science, 1(4). https://doi.org/10.1007/s42979-020-00194-z

[16] Kulkarni, A. D. (2022). Convolution neural networks for phishing detection. International Journal of Advanced Computer Science and Applications, 14(4). https://doi.org/10.14569/IJACSA.2023.0140403

[17] Sabah, A. (2021). Phishing attack detection using deep learning. International Journal of Cyber Security, 13(1), 99–107.

[18] Dilhara, S. (2021). Phishing URL detection: A novel hybrid approach using long short-term memory and gated recurrent units. International Journal of Computer Applications, 183(44), 41–54. https://doi.org/10.5120/ijca2021921859

[19] Ujah-Ogbuagu, U., et al. (2024). A hybrid deep learning technique for spoofing website URL detection in real-time applications. IEEE Access, 12(4), 123–135.

[20] Dalia, M., & Bhandari, D. (2021). Effective phishing emails detection method. International Journal of Computer Applications, 182(2), 25–30. https://doi.org/10.5120/ijca2021922153

[21] Kalla, D., & Chandrasekaran, A. (2023). Heart disease prediction using chi-square test and linear regression. Department of Computer Science, Colorado Technical University, Colorado, USA. DOI: 10.5121/csit.2023.130712

[22] Yerima, S. Y., Alzaylaee, M. K., Shajan, A., & Vinod, P. (2021). Deep Learning Techniques for Android Botnet Detection. Electronics, 10, 519. https://doi.org/10.3390/electronics10040519
