PhishHunter-XLD: An ensemble approach integrating machine learning and deep learning for phishing URL classification

Franklin Open Pub Date : 2025-09-01 DOI:10.1016/j.fraope.2025.100349

Tirth Doshi , Vishva Patel , Nemil Shah , Debabrata Swain , Debabala Swain , Biswaranjan Acharya

{"title":"PhishHunter-XLD: An ensemble approach integrating machine learning and deep learning for phishing URL classification","authors":"Tirth Doshi , Vishva Patel , Nemil Shah , Debabrata Swain , Debabala Swain , Biswaranjan Acharya","doi":"10.1016/j.fraope.2025.100349","DOIUrl":null,"url":null,"abstract":"<div><div>Phishing continues to pose a significant cybersecurity threat by deceiving users into disclosing sensitive information through maliciously crafted URLs. Traditional detection methods, including blacklists and heuristic analyses, have proven inadequate against evolving phishing techniques due to their reliance on static patterns and manual updates. In this study, a weighted voting ensemble framework has been proposed, integrating semantic feature extraction using DistilBERT with classical machine learning classifiers (XGBoost) and deep learning models (LSTM) to enhance phishing URL detection. Model complementarity has been leveraged XGBoost captures explicit lexical features, LSTM models sequential dependencies, and DistilBERT extracts contextual semantics resulting in an adaptive decision boundary that improves generalization and reduces false positives. Extensive experiments conducted on large-scale benchmark datasets, such as the “Phishing Site URLs” and “Malicious URLs” datasets, have demonstrated that the proposed ensemble framework achieves a detection accuracy of 99.83% with low computational latency. Furthermore, the system has been deployed via Streamlit, providing a real time, interactive interface for cybersecurity practitioners. Future work will explore optimization strategies, including model pruning, quantization, and adversarial training, to further enhance efficiency, scalability, and resilience against emerging zero-day phishing techniques.</div></div>","PeriodicalId":100554,"journal":{"name":"Franklin Open","volume":"12 ","pages":"Article 100349"},"PeriodicalIF":0.0000,"publicationDate":"2025-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Franklin Open","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2773186325001379","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Phishing continues to pose a significant cybersecurity threat by deceiving users into disclosing sensitive information through maliciously crafted URLs. Traditional detection methods, including blacklists and heuristic analyses, have proven inadequate against evolving phishing techniques due to their reliance on static patterns and manual updates. In this study, a weighted voting ensemble framework has been proposed, integrating semantic feature extraction using DistilBERT with classical machine learning classifiers (XGBoost) and deep learning models (LSTM) to enhance phishing URL detection. Model complementarity has been leveraged XGBoost captures explicit lexical features, LSTM models sequential dependencies, and DistilBERT extracts contextual semantics resulting in an adaptive decision boundary that improves generalization and reduces false positives. Extensive experiments conducted on large-scale benchmark datasets, such as the “Phishing Site URLs” and “Malicious URLs” datasets, have demonstrated that the proposed ensemble framework achieves a detection accuracy of 99.83% with low computational latency. Furthermore, the system has been deployed via Streamlit, providing a real time, interactive interface for cybersecurity practitioners. Future work will explore optimization strategies, including model pruning, quantization, and adversarial training, to further enhance efficiency, scalability, and resilience against emerging zero-day phishing techniques.

查看原文本刊更多论文

PhishHunter-XLD：一种集成了机器学习和深度学习的网络钓鱼URL分类方法

网络钓鱼通过恶意制作的url欺骗用户泄露敏感信息，继续构成重大的网络安全威胁。传统的检测方法，包括黑名单和启发式分析，由于依赖于静态模式和手动更新，已被证明不足以应对不断发展的网络钓鱼技术。在本研究中，提出了一个加权投票集成框架，将使用蒸馏器的语义特征提取与经典机器学习分类器（XGBoost）和深度学习模型（LSTM）相结合，以增强网络钓鱼URL检测。模型互补性得到了利用。XGBoost捕获显式词汇特性，LSTM为顺序依赖关系建模，而蒸馏器提取上下文语义，从而产生自适应的决策边界，从而改进泛化并减少误报告。在大规模基准数据集（如“Phishing Site URLs”和“Malicious URLs”数据集）上进行的大量实验表明，所提出的集成框架在低计算延迟的情况下，检测准确率达到99.83%。此外，该系统已通过Streamlit进行部署，为网络安全从业者提供了一个实时的交互式界面。未来的工作将探索优化策略，包括模型修剪、量化和对抗性训练，以进一步提高效率、可扩展性和抵御新兴零日网络钓鱼技术的弹性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Franklin Open

自引率

0.00%

发文量