A Novel AI Model for Improved Phishing Detection Accuracy: A Hybrid Approach
DOI:
https://doi.org/10.65879/3070-5789.2025.01.03Keywords:
Phishing Detection, AI Models, Deep Learning, CNN-LSTM, URL Analysis, Explainable AIAbstract
Phishing attacks continue to pose significant risks, necessitating advanced detection methods capable of identifying zero-day threats. This paper proposes a Hybrid Convolutional Neural Network-Long Short-Term Memory (CNN-LSTM) model specifically designed to enhance URL-based phishing detection accuracy. The model leverages the strengths of both architectures: the CNN component extracts local, character-level lexical features, while the LSTM component captures the sequential and structural context of the URL string. The model is rigorously evaluated on a comprehensive, 26,473-row balanced dataset derived from the PhishTank public archive. When benchmarked against traditional ML and single-architecture DL baselines, the proposed CNN-LSTM model achieved a superior F1-Score of 0.982 and a Recall of 0.991. Architectural specifics and a quantitative analysis of computational overhead are provided for full reproducibility. The paper concludes by emphasizing future work in Explainable AI (XAI) and privacy-preserving methods to ensure the responsible and ethical deployment of high-performance security systems.
References
[1] Alabahri AS, Duhaim AM, Fadhel MA, Alnoor A, Baqer NS, Alzubaidi L, Albahri OS, Alamoodi AH, Bai J, Salhi A, Santamaría J, Ouyang C, Gupta A, Gu Y, Deveci M. A Systematic Review of Trustworthy and Explainable Artificial Intelligence in Healthcare: Assessment of Quality, Bias Risk, and Data Fusion. Information Fusion 2023; 96(1).
https://doi.org/10.1016/j.inffus.2023.03.008
[2] Alabdan R. Phishing Attacks Survey: Types, Vectors, and Technical Approaches. Future Internet 2020; 12(10): 168.
https://doi.org/10.3390/fi12100168
[3] Alkhalil Z, Hewage C, Nawaf L, Khan I. Phishing Attacks: a Recent Comprehensive Study and a New Anatomy. Frontiers in Computer Science 2021; 3(1): 1-23. https://www.frontiersin.org/journals/computer-science/articles/10.3389/fcomp.2021.563060/full
[4] Castaño F, Fernañdez EF, Alaiz-Rodríguez R, Alegre E. PhiKitA: Phishing Kit Attacks Dataset for Phishing Websites Identification. IEEE Access 2023; 11: 40779-40789.
https://doi.org/10.1109/ACCESS.2023.3268027
[5] Cui Q, Jourdan G-V, Bochmann GV, Onut I-V, Flood J. Phishing Attacks Modifications and Evolutions. Computer Security 2018; 243-262.
https://doi.org/10.1007/978-3-319-99073-6_12
[6] Gupta C, Johri I, Srinivasan K, Hu Y-C, Qaisar SM, Huang K-Y. A Systematic Review on Machine Learning and Deep Learning Models for Electronic Information Security in Mobile Networks. Sensors 2022; 22(5): 2017.
https://doi.org/10.3390/s22052017
[7] Irani D, Webb S, Giffin J, Pu C. Evolutionary Study of Phishing. 2008 eCrime Researchers Summit, Atlanta, GA, USA 2008; 1-10.
https://doi.org/10.1109/ECRIME.2008.4696967
[8] Rahman MM, Dhakal K, Gony NM, Shuvra MKS, Rahman MM. AI Integration in Cybersecurity Software: Threat Detection and Response. International Journal of Innovative Research and Scientific Studies (IJIRSS) 2025; 8(3).
https://doi.org/10.53894/ijirss.v8i3.7403
[9] Khan AI, Al-Badi A. Open Source Machine Learning Frameworks for Industrial Internet of Things. Procedia Computer Science 2020; 170: 571-577.
https://doi.org/10.1016/j.procs.2020.03.127
[10] Naidu G, Zuva T, Sibanda EM. A Review of Evaluation Metrics in Machine Learning Algorithms. Lecture Notes in Networks and Systems 2023; 724: 15-25.
https://doi.org/10.1007/978-3-031-35314-7_2
[11] Pazhohan H. Global Data Protection Standards: A Comparative Analysis of GDPR and Other International Privacy Laws. Legal Studies in Digital Age 2023; 2(3): 1-12. https://jlsda.com/index.php/lsda/article/view/17
[12] Tian K, Jan STK, Hu H, Yao D, Wang G. Needle in a Haystack. Proceedings of the Internet Measurement Conference 2018.
https://doi.org/10.1145/3278532.3278569
[13] Wu C-H. Behavior-based Spam Detection Using a Hybrid Method of Rule-based Techniques and Neural Networks. Expert Systems with Applications 2009; 36(3): 4321-4330.
https://doi.org/10.1016/j.eswa.2008.03.002
[14] Zhang Z, Hamadi HA, Damiani E, Yeun CY, Taher F. Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research. IEEE Access 2022; 10: 93104-93139.
https://doi.org/10.1109/ACCESS.2022.3204051
[15] Dhakal K, Rahman MM, Rahman MM, Anam K, Rahman M, Poudel R. How Machine Learning is Transforming Cyber Threat Detection. World Journal of Advanced Engineering Technology and Sciences 2024; 13(2): 963-973.
https://doi.org/10.30574/wjaets.2024.13.2.0581
[16] Rahman MM, Gony NM, Rahman MM, Rahman MM, Shuvra MKS. Natural language processing in legal document analysis software: A systematic review of current approaches, challenges, and opportunities. International Journal of Innovative Research and Scientific Studies (IJIRSS) 2025; 8(3).
https://doi.org/10.53894/ijirss.v8i3.7702
[17] Rahman M, Ullah S, Nahar S, Hossain MS, Rahman M, Rahman M. The Role of Explainable AI in Cyber Threat Intelligence: Enhancing Transparency and Trust in Security Systems. World Journal of Advanced Research and Reviews 2025; 23(2): 2897-2907.
https://doi.org/10.30574/wjarr.2024.23.2.2404
[18] Almohaimeed M, Albalwy F, Algulaiti L, Althubyani S. Phishing URL Detection Using Deep Learning: A Resilient Approach to Mitigating Emerging Cybersecurity Threats. International Information and Engineering Technology Association (IIETA) 2025; 30(5): 1219-1227.
https://doi.org/10.18280/isi.300510
[19] Alsadig AH, Ahmad MO. Phishing URL Detection Using Deep Learning with CNN Models (2024). Second International Conference on Intelligent Cyber Physical Systems and Internet of Things (ICoICI) 2024; pp. 1-6. IEEE.
Downloads
Published
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
