HyDNN: A Hybrid Deep Learning Approach for Phishing URL Detection
Downloads
Phishing is an online attack in which attackers trick victims into disclosing their sensitive information, such as credentials, financial portal pins, and OTPs, with the intention of identity or financial theft, jeopardizing reputations, and posing a risk to netizens. As the stakes are high, attackers invest considerable effort and time in committing organized crimes to steal valuable user information. The research carried out aims to detect phishing websites using machine learning and deep learning models. In this research, the classification models are applied to three different phishing website datasets, namely the Mendeley phishing dataset and the UCI dataset, which belong to binary classification, and one dataset that falls under multi-class classification. These datasets are publicly available for research. A custom data set is also prepared from recently available websites to reduce the potential bias in the already available data set. The reason for choosing a publicly available dataset is to validate and compare the results obtained from the custom dataset. To optimize the process, various feature selection techniques and dimensional reduction methods are applied, and a comparison of all approaches is summarized. Performance metrics are used for binary and multi-class classification, and then the outcomes obtained are summarized. The Random Forest model performs well with most feature selection techniques by achieving the best accuracy of 98.24% using the embedded feature selection approach for the Mendeley data set, 94.78% for the UCI data set, and 90.57% for the custom data set. Hence, using Random Forest as the base model, deep learning approaches, namely, CNN and LSTMs, are used to check the efficiency. This study shows that the proposed Hybrid Deep Neural Network approach, HyDNN, performs better, providing the best result with an accuracy of 98.87% for the Mendeley dataset, 97.63% for the UCI dataset, and 93.77% for the custom dataset.
Downloads
[1] Ali, M. M., & Mohd Zaharon, N. F. (2024). Phishing—A Cyber Fraud: The Types, Implications and Governance. International Journal of Educational Reform, 33(1), 101–121. doi:10.1177/10567879221082966.
[2] CloudFare. (2023). 2023 Phishing Threats Report. CloudFare, San Francisco, United States. Available online: https://cf-assets.www.cloudflare.com/slt3lc6tev37/17i1am3UMltoOE7UOU1neX/5776ab933524b3cf99ee85eaaedc76f6/BDES-4838_2023_Phishing-Threats-Report-2023.pdf (accessed on May 2026).
[3] Skula, I., & Kvet, M. (2023). Domain Blacklist Efficacy for Phishing Web-page Detection Over an Extended Time Period. 2023 33rd Conference of Open Innovations Association (FRUCT), 257–263. doi:10.23919/FRUCT58615.2023.10142999.
[4] IC3 (2026). Annual Reports, Internet Crime Complaint Center (IC3), Washington, United States. Available online: https://www.ic3.gov/AnnualReport/Reports (accessed on May 2026).
[5] Almseidin, M., Zuraiq, A. A., Al-Kasassbeh, M., & Alnidami, N. (2019). Phishing detection based on machine learning and feature selection methods. International Association of Online Engineering, Vienna, Austria.
[6] Patil, D. R., & Patil, J. B. (2016). Malicious Web Pages Detection Using Static Analysis of URLs. International Journal of Information Security and Cybercrime, 5(2), 57–70. doi:10.19107/ijisc.2016.02.06.
[7] Alsenani, T. R., Ayon, S. I., Yousuf, S. M., Anik, F. B. K., & Chowdhury, M. E. S. (2023). Intelligent feature selection model based on particle swarm optimization to detect phishing websites. Multimedia Tools and Applications, 82(29), 44943–44975. doi:10.1007/s11042-023-15399-6.
[8] Qi, Q., Wang, Z., Xu, Y., Fang, Y., & Wang, C. (2023). Enhancing Phishing Email Detection through Ensemble Learning and Undersampling. Applied Sciences (Switzerland), 13(15), 8756. doi:10.3390/app13158756.
[9] Tudosi, A.-D., Graur, A., Balan, D. G., & Potorac, A. D. (2023). An Email Classification Framework for Phishing Detection in Virtualized Network Environments. 2023 22nd RoEduNet Conference: Networking in Education and Research (RoEduNet), 1–5. doi:10.1109/RoEduNet60162.2023.10274915.
[10] Wang, J. (2022). An Improved Genetic Algorithm for Web Phishing Detection Feature Selection. 2022 Asia Conference on Algorithms, Computing and Machine Learning (CACML), 130–134. doi:10.1109/CACML55074.2022.00029.
[11] Alani, M. M., & Tawfik, H. (2022). PhishNot: A Cloud-Based Machine-Learning Approach to Phishing URL Detection. Computer Networks, 218, 109407. doi:10.1016/j.comnet.2022.109407.
[12] Maennel, O. M., & Matulevicius, R. A. (2026). New Heuristic Based Phishing Detection Approach Utilizing Selenium Web-driver. GitHub, Inc. Available online: https://github.com/nf1s/selenium_phishing_detector (accessed on May 2026).
[13] Dadkhah, M., Shamshirband, S., & Wahab, A. W. A. (2016). A hybrid approach for phishing web site detection. Electronic Library, 34(6), 927–944. doi:10.1108/EL-07-2015-0132.
[14] Chandrasegar, T., & Viswanathan, P. (2019). Dimensionality reduction of a phishing attack using decision tree classifier. 2019 Innovations in Power and Advanced Computing Technologies (I-PACT), 1–4. doi:10.1109/i-PACT44901.2019.8960117.
[15] Calzarossa, M. C., Giudici, P., & Zieni, R. (2024). Explainable machine learning for phishing feature detection. Quality and Reliability Engineering International, 40(1), 362–373. doi:10.1002/qre.3411.
[16] Karim, A., Shahroz, M., Mustofa, K., Belhaouari, S. B., & Joga, S. R. K. (2023). Phishing Detection System Through Hybrid Machine Learning Based on URL. IEEE Access, 11, 36805–36822. doi:10.1109/access.2023.3252366.
[17] Pandey, P., & Mishra, N. (2023). Phish-Sight: a new approach for phishing detection using dominant colors on web pages and machine learning. International Journal of Information Security, 22(4), 881–891. doi:10.1007/s10207-023-00672-4.
[18] Basit, A., Zafar, M., Javed, A. R., & Jalil, Z. (2020). A Novel Ensemble Machine Learning Method to Detect Phishing Attack. 2020 IEEE 23rd International Multitopic Conference (INMIC), 1–5. doi:10.1109/INMIC50486.2020.9318210.
[19] Adewole, K. S., Akintola, A. G., Salihu, S. A., Faruk, N., & Jimoh, R. G. (2019). Hybrid Rule-Based Model for Phishing URLs Detection. Emerging Technologies in Computing, iCETiC 2019, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Springer, Cham, Switzerlsnd. doi:10.1007/978-3-030-23943-5_9.
[20] Dsouza, D. J., Rodrigues, A. P., & Fernandes, R. (2024). Multi-modal comparative analysis on execution of phishing detection using artificial intelligence. IEEE Access, 12, 163016-163041. doi:10.1109/ACCESS.2024.3491429.
[21] Soosai Anandaraj, A. P., Ramesh, P. S., Arifulla, S., Madhuri, C. G., & Yeshwanth Malepati, N. (2024). Phishing Detection System Through Hybrid Machine Learning Based on URL. 2024 Third International Conference on Electrical, Electronics, Information and Communication Technologies (ICEEICT), 1–7. doi:10.1109/ICEEICT61591.2024.10718484.
[22] Catal, C., Giray, G., Tekinerdogan, B., Kumar, S., & Shukla, S. (2022). Applications of deep learning for phishing detection: a systematic literature review. Knowledge and Information Systems, 64(6), 1457–1500. doi:10.1007/s10115-022-01672-x.
[23] Do, N. Q., Selamat, A., Krejcar, O., Herrera-Viedma, E., & Fujita, H. (2022). Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions. IEEE Access, 10, 36429–36463. doi:10.1109/ACCESS.2022.3151903.
[24] Ozcan, A., Catal, C., Donmez, E., & Senturk, B. (2023). A hybrid DNN–LSTM model for detecting phishing URLs. Neural Computing and Applications, 35(7), 4957–4973. doi:10.1007/s00521-021-06401-z.
[25] Prabakaran, M. K., Meenakshi Sundaram, P., & Chandrasekar, A. D. (2023). An enhanced deep learning-based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders. IET Information Security, 17(3), 423–440. doi:10.1049/ise2.12106.
[26] Nguyen, M., Nguyen, T., & Nguyen, T. H. (2018). A deep learning model with hierarchical LSTMs and supervised attention for anti-phishing. arXiv Preprint, arXiv:1805.01554. doi:10.48550/arXiv.1805.01554.
[27] Ariyadasa, S., Fernando, S., & Fernando, S. (2024). SmartiPhish: a reinforcement learning-based intelligent anti-phishing solution to detect spoofed website attacks. International Journal of Information Security, 23(2), 1055–1076. doi:10.1007/s10207-023-00778-9.
[28] Bountakas, P., & Xenakis, C. (2023). HELPHED: Hybrid Ensemble Learning Phishing Email Detection. Journal of Network and Computer Applications, 210, 103545. doi:10.1016/j.jnca.2022.103545.
[29] Al-Sarem, M., Saeed, F., Al-Mekhlafi, Z. G., Mohammed, B. A., Al-Hadhrami, T., Alshammari, M. T., Alreshidi, A., & Alshammari, T. S. (2021). An optimized stacking ensemble model for phishing websites detection. Electronics (Switzerland), 10(11), 1285. doi:10.3390/electronics10111285.
[30] Feng, F., Zhou, Q., Shen, Z., Yang, X., Han, L., & Wang, J. Q. (2024). The application of a novel neural network in the detection of phishing websites. Journal of Ambient Intelligence and Humanized Computing, 15(3), 1865–1879. doi:10.1007/s12652-018-0786-3.
[31] Sahingoz, O. K., Buber, E., & Kugu, E. (2024). DEPHIDES: Deep Learning Based Phishing Detection System. IEEE Access, 12, 8052–8070. doi:10.1109/ACCESS.2024.3352629.
[32] Kritika, E. (2025). A comprehensive literature review on ransomware detection using deep learning. Cyber Security and Applications, 3(4), 315–343. doi:10.1016/j.csa.2024.100078.
[33] Korkmaz, M., Kocyigit, E., Sahingoz, O. K., & Diri, B. (2022). A Hybrid Phishing Detection System Using Deep Learning-based URL and Content Analysis. Elektronika Ir Elektrotechnika, 28(5), 80–89. doi:10.5755/j02.eie.31197.
[34] Zhou, J., Cui, H., Li, X., Yang, W., & Wu, X. (2023). A Novel Phishing Website Detection Model Based on LightGBM and Domain Name Features. Symmetry, 15(1), 180. doi:10.3390/sym15010180.
[35] Bahaghighat, M., Ghasemi, M., & Ozen, F. (2023). A high-accuracy phishing website detection method based on machine learning. Journal of Information Security and Applications, 77, 103553. doi:10.1016/j.jisa.2023.103553.
[36] Abdul Samad, S. R., Balasubaramanian, S., Al-Kaabi, A. S., Sharma, B., Chowdhury, S., Mehbodniya, A., Webber, J. L., & Bostani, A. (2023). Analysis of the Performance Impact of Fine-Tuned Machine Learning Model for Phishing URL Detection. Electronics (Switzerland), 12(7), 1642. doi:10.3390/electronics12071642.
[37] Elsadig, M., Ibrahim, A. O., Basheer, S., Alohali, M. A., Alshunaifi, S., Alqahtani, H., Alharbi, N., & Nagmeldin, W. (2022). Intelligent Deep Machine Learning Cyber Phishing URL Detection Based on BERT Features Extraction. Electronics (Switzerland), 11(22), 3647. doi:10.3390/electronics11223647.
[38] Ramana, A. V., Rao, K. L., & Rao, R. S. (2021). Stop-Phish: an intelligent phishing detection method using feature selection ensemble. Social Network Analysis and Mining, 11(1), 110. doi:10.1007/s13278-021-00829-w.
[39] Mourtaji, Y., Bouhorma, M., Alghazzawi, D., Aldabbagh, G., & Alghamdi, A. (2021). Hybrid Rule-Based Solution for Phishing URL Detection Using Convolutional Neural Network. Wireless Communications and Mobile Computing, 2021(1), 8241104. doi:10.1155/2021/8241104.
[40] Wurzenberger, M., Höld, G., Landauer, M., & Skopik, F. (2024). Analysis of statistical properties of variables in log data for advanced anomaly detection in cyber security. Computers & Security, 137, 103631. doi:10.1016/j.cose.2023.103631.
[41] Yoosuf, M. S., Vijaya, P., & Mani, J. (2025). DML-IDS: Distributed Multi-Layer Intrusion Detection System for Securing Healthcare Infrastructure. Emerging Science Journal, 9(6), 3157–3173. doi:10.28991/ESJ-2025-09-06-016.
[42] Mohammad, R. M., Thabtah, F., & McCluskey, L. (2016). An improved self-structuring neural network. Trends and Applications in Knowledge Discovery and Data Mining, PAKDD 2016, Lecture Notes in Computer Science, Springer, Cham, Switzerland. doi:10.1007/978-3-319-42996-0_4.
[43] Frank, A. (2010). UCI machine learning repository. University of California, Irvine, United States. Available online: https://archive.ics.uci.edu/ (accessed on May 2026).
[44] Erickson, B. J., & Kitamura, F. (2021). Magician’s corner: 9. performance metrics for machine learning models. Radiology: Artificial Intelligence, 3(3), 200126. doi:10.1148/ryai.2021200126.
[45] Kumar, A. (2024). Phishing Website Dataset. Kaggle, San Francisco, United States. Available online: https://www.kaggle.com/datasets/akashkr/phishing-website-dataset (accessed on May 2026).
[46] Dsouza, D. J. (2024). Phising. Kaggle, San Francisco, United States. Available online: https://www.kaggle.com/datasets/divyajenniferdsouza1/phishing (accessed on May 2026).
[47] Alsariera, Y. A., Balogun, A. O., Adeyemo, V. E., Tarawneh, O. H., & Mojeed, H. A. (2022). Intelligent Tree-Based Ensemble Approaches for Phishing Website Detection. Journal of Engineering Science and Technology, 17(1), 563–582.
[48] Khan, S. A., Khan, W., & Hussain, A. (2020). Phishing Attacks and Websites Classification Using Machine Learning and Multiple Datasets (A Comparative Analysis). Intelligent Computing Methodologies, 301–313. doi:10.1007/978-3-030-60796-8_26.
[49] Salihovic, I., Serdarevic, H., & Kevric, J. (2018). The Role of Feature Selection in Machine Learning for Detection of Spam and Phishing Attacks. Advanced Technologies, Systems, and Applications III, 476–483. doi:10.1007/978-3-030-02577-9_47
[50] Hutchinson, S., Zhang, Z., & Liu, Q. (2018). Detecting Phishing Websites with Random Forest. Machine Learning and Intelligent Communications, 470–479. doi:10.1007/978-3-030-00557-3_46.
[51] Al-Sarem, M., Saeed, F., Al-Mekhlafi, Z. G., Mohammed, B. A., Al-Hadhrami, T., Alshammari, M. T., Alreshidi, A., & Alshammari, T. S. (2021). An Optimized Stacking Ensemble Model for Phishing Websites Detection. Electronics, 10(11), 1285. doi:10.3390/electronics10111285.
- This work (including HTML and PDF Files) is licensed under a Creative Commons Attribution 4.0 International License.
