Evaluating Deep Learning Models for Website Phishing Attack Detection: A Comparative Analysis
Keywords:
Deep learning models, Hybrid architectures, Phishing detection, Performance evaluation, Cybersecurity threats
Abstract
Phishing attacks remain a significant security threat in cyberspace, targeting individuals and businesses to steal confidential information. Traditional detection methods often struggle to identify newly created or altered phishing sites, highlighting the need for more adaptive solutions. This study evaluates the performance of various deep learning (DL) models for detecting online phishing attacks. A comparative analysis of single and hybrid DL models, including CNN, LSTM, BiGRU, and their combinations, is conducted. The evaluation is based on metrics such as accuracy, precision, recall, and F1-score, derived from 17 peer-reviewed publications published between 2019 and 2024. Results indicate that hybrid models, particularly ODAE-WPDC, exhibit superior performance, achieving accuracy rates of up to 99.28% and robust results across all metrics. Single models, such as CNN and BiGRU, also demonstrate strong performance, with accuracy ranging from 97% to 99.5%. This research underscores the efficacy of deep learning architectures in phishing detection and offers practical guidance for selecting optimal models based on specific requirements.
Downloads
References
Adebowale, M. A., Lwin, K. T., & Hossain, M. A. (2019). Deep Learning with Convolutional Neural Network and Long Short-Term Memory for Phishing Detection. 2019 13th International Conference on Software, Knowledge, Information Management and Applications (SKIMA), 1–8. https://api.semanticscholar.org/CorpusID:211058598
Adebowale, M. A., Lwin, K. T., & Hossain, M. A. (2023). Intelligent phishing detection scheme using deep learning algorithms. Journal of Enterprise Information Management, 36(3), 747–766. https://doi.org/https://doi.org/10.1108/JEIM-01-2020-0036
Admin. (2024). Teknologi Deep Learning: Mendorong Batasan Inovasi di Berbagai Industri. Pusdasi.Uma.Ac.Id. https://pusdasi.uma.ac.id/teknologi-deep-learning-mendorong-batasan-inovasi-di-berbagai-industri/
Afinda, A. M. (2024). Neural Network: Cikal Bakal Revolusi Deep Learning. Www.Dicoding.Com. https://www.dicoding.com/blog/neural-network-cikal-bakal-revolusi-deep-learning/
Alabdan, R. (2020). Phishing attacks survey: Types, vectors, and technical approaches. Future Internet, 12(10), 168. https://doi.org/https://doi.org/10.3390/fi12100168
Ali, M. M., & Mohd Zaharon, N. F. (2024). Phishing A cyber fraud: The types, implications and governance. International Journal of Educational Reform, 33(1), 101–121. https://doi.org/https://doi.org/10.1177/10567879221082966
Aljofey, A., Jiang, Q., Qu, Q., & Huang, M. (2020). An Effective Phishing Detection Model Based on Character Level Convolutional Neural Network from URL. https://doi.org/10.3390/electronics9091514
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy. Frontiers in Computer Science, 3, 563060. https://doi.org/https://doi.org/10.3389/fcomp.2021.563060
Almomani, A., Alauthman, M., Shatnawi, M. T., Alweshah, M., Alrosan, A., Alomoush, W., & Gupta, B. B. (2022). Phishing Website Detection With Semantic Features Based on Machine Learning Classifiers: A Comparative Study. Int. J. Semantic Web Inf. Syst., 18, 1–24. https://api.semanticscholar.org/CorpusID:246920682
Alqahtani, H., Alotaibi, S. S., Alrayes, F. S., Al-Turaiki, I., Alissa, K. A., Aziz, A. S. A., Maray, M., & Al Duhayyim, M. (2022). Evolutionary Algorithm with Deep Auto Encoder Network Based Website Phishing Detection and Classification. Applied Sciences (Switzerland), 12(15). https://doi.org/10.3390/app12157441
Alshingiti, Z., Alaqel, R., Al-Muhtadi, J., Haq, Q. E. U., Saleem, K., & Faheem, M. H. (2023). A Deep Learning-Based Phishing Detection System Using CNN, LSTM, and LSTM-CNN. Electronics (Switzerland), 12(1). https://doi.org/10.3390/electronics12010232
Alzubaidi, L., Zhang, J., Humaidi, A. J., Al-Dujaili, A., Duan, Y., Al-Shamma, O., Santamaría, J., Fadhel, M. A., Al-Amidie, M., & Farhan, L. (2021). Review of deep learning: concepts, CNN architectures, challenges, applications, future directions. Journal of Big Data, 8(1). https://doi.org/10.1186/s40537-021-00444-8
Amazon. (2024). Apa itu Deep Learning? Aws.Amazon.Com. https://aws.amazon.com/id/what-is/deep-learning/
Assefa, A., & Katarya, R. (2022). Intelligent Phishing Website Detection Using Deep Learning. 2022 8th International Conference on Advanced Computing and Communication Systems (ICACCS), 1, 1741–1745. https://doi.org/10.1109/ICACCS54159.2022.9785003
Chaudhary, S. (2012). Recognition of phishing attacks utilizing anomalies in phishing websites.
Citra. (2024). Deep Learning. Wangs.Id. https://www.wangs.id/literasi-bersama/apa-itu-deep-learning/
Do, N. Q., Selamat, A., Krejcar, O., Herrera-Viedma, E., & Fujita, H. (2022). Deep Learning for Phishing Detection: Taxonomy, Current Challenges and Future Directions. IEEE Access, 10, 36429–36463. https://doi.org/10.1109/ACCESS.2022.3151903
Do, N. Q., Selamat, A., Krejcar, O., Yokoi, T., & Fujita, H. (2021). Phishing Webpage Classification via Deep Learning-Based Algorithms: An Empirical Study. Applied Sciences. https://api.semanticscholar.org/CorpusID:244611674
Eka Purwiantono, F., & Tjahyanto, A. (2017). Model Klasifikasi untuk Deteksi Situs Phising di Indonesia. Institut Teknologi Sepuluh Nompember Surabaya, 156. https://doi.org/10.13140/RG.2.2.29627.52003
Feng, T., & Yue, C. (2020). Visualizing and interpreting RNN Models in URL-based phishing detection. Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT, 13–24. https://doi.org/10.1145/3381991.3395602
Gupta, B. B., Tewari, A., Jain, A. K., & Agrawal, D. P. (2017). Fighting against phishing attacks: state of the art and future challenges. Neural Computing and Applications, 28, 3629–3654. https://doi.org/https://doi.org/10.1007/s00521-016-2275-y
Hazzataqiy, H. (2024). Penerapan Deep Learning dalam Pengenalan Pola dan Analisis Data. Kompasiana.Com. https://www.kompasiana.com/hazzataqiyhiroshi4541/674586d5ed641506835ac272/penerapan-deep-learning-dalam-pengenalan-pola-dan-analisis-data
Hidayanto, A. C., Gamaliel, Y. Y., & Hutagalung, M. (2022). Pengembangan Deep Learning untuk Mendeteksi Situs Phising dengan Menggunakan Convolutional Neural Network. Institut Teknologi Harapan Bangsa. https://repository.ithb.ac.id/id/eprint/56/9/1318013_Paper-TA.pdf
Irawan, A. S. Y., Heryana, N., Hopipah, H. S., & Rahma, D. (2021). Identifikasi Website Phishing dengan Perbandingan Algoritma Klasifikasi. Syntax : Jurnal Informatika, 10(01), 57–67. https://doi.org/10.35706/SYJI.V10I01.5292
Iswahyudi, M. S., Irmawati, I., Widians, J. A., Mahendra, G. S., Pratiwi, M., Hayati, N., Pomalingo, S., Miranda, E., Waryono, W., & Yanuarsyah, H. I. (2023). Aplikasi Machine Learning di Berbagai Bidang: Solusi Cerdas Untuk Masa Depan. PT. Sonpedia Publishing Indonesia.
James, L. (2005). Phishing exposed. Elsevier.
Kara, I., Ok, M., & Ozaday, A. (2022). Characteristics of Understanding URLs and Domain Names Features: The Detection of Phishing Websites With Machine Learning Methods. IEEE Access, 10, 124420–124428. https://api.semanticscholar.org/CorpusID:253660812
Mahmud, A. F., & Wirawan, S. (2024). Deteksi Phishing Website menggunakan Machine Learning Metode Klasifikasi. Jurnal Sistem Informasi, 13, 1368–1380. https://sistemasi.ftik.unisi.ac.id/index.php/stmsi/article/viewFile/3456/781
Manoj, P., Bhuvan Kumar, Y., Rakshitha, D., & Megha, G. (2021). Detection and classification of phishing websites. Trends in Computer Science and Information Technology, 053–059. https://doi.org/10.17352/tcsit.000040
Mohammad, R. M., Thabtah, F., & McCluskey, L. (2015). Tutorial and critical analysis of phishing websites methods. Computer Science Review, 17, 1–24. https://doi.org/https://doi.org/10.1016/j.cosrev.2015.04.001
Mourtaji, Y., Bouhorma, M., Alghazzawi, D., Aldabbagh, G., & Alghamdi, A. (2021). Hybrid Rule-Based Solution for Phishing URL Detection Using Convolutional Neural Network. Wireless Communications and Mobile Computing, 2021. https://doi.org/10.1155/2021/8241104
Nada, M. (2019). Penerapan Deep Learning Menggunakan Convolutional Neural Network (CNN). Medium.Com. https://medium.com/@mukhlishatunnada02/penerapan-deep-learning-menggunakan-convolutional-neural-network-cnn-d02dc6532f5b
Nursyafitri, G. D. (2023). Memahami Deep Learning, Bagian Machine Learning. Dqlab.Id. https://dqlab.id/memahami-deep-learning-bagian-machine-learning
Opara, C. C., Chen, Y., & Bo.wei. (2020). Look Before You Leap: Detecting Phishing Web Pages by Exploiting Raw URL And HTML Characteristics. Expert Syst. Appl., 236, 121183. https://api.semanticscholar.org/CorpusID:226282035
Ozcan, A., Catal, C., Donmez, E., & Senturk, B. (2021). A hybrid DNN–LSTM model for detecting phishing URLs. Neural Computing and Applications. https://doi.org/10.1007/s00521-021-06401-z
Pilo, R. (2023). Deep Learning: Model AI yang Terinspirasi dari Otak Manusia. Phintraco.Com. https://phintraco.com/deep-learning/
Puskomedia. (2024). Machine Learning dan Deep Learning: Menambah Kehebatan Komputasi dan Analisis Data. Www.Puskomedia.Id. https://www.puskomedia.id/blog/machine-learning-dan-deep-learning-menambah-kehebatan-komputasi-dan-analisis-data/
Santoso, J. T. (2023). Teknologi Keamanan Siber (Cyber Security). Penerbit Yayasan Prima Agus Teknik, 1–173.
Somesha, M., Pais, A. R., Rao, R. S., & Rathour, V. S. (2020a). Efficient deep learning techniques for the detection of phishing websites. Sadhana - Academy Proceedings in Engineering Sciences, 45(1). https://doi.org/10.1007/s12046-020-01392-4
Somesha, M., Pais, A. R., Rao, R. S., & Rathour, V. S. (2020b). Efficient deep learning techniques for the detection of phishing websites. 45(1).
Sultana, R., Rahman, M. A., & Khan, M. I. (2023). Hybrid Model Based Phishing Websites Detection Using Deep Learning Technique. 2023 26th International Conference on Computer and Information Technology (ICCIT), 1–6. https://api.semanticscholar.org/CorpusID:268044677
Tang, L., & Mahmoud, Q. H. (2022). A Deep Learning-Based Framework for Phishing Website Detection. IEEE Access, 10, 1509–1521. https://doi.org/10.1109/ACCESS.2021.3137636
Tesfom, B., Belay, F., Daniel, S., Salem, R., & Otoum, S. (2023). Phishing Detection Using Deep Learning and Machine Learning Algorithms: Comparative Analysis. 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Tec, 684–689. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361457
Wahyuni, S., Darnila, E., Gustiana, Z., Prayoga, J., Saffiera, C. A., Eka, M., Fadhilah, C., & others. (2024). Data Science. Serasi Media Teknologi.
Wang, C., & Chen, Y. (2022). TCURL: Exploring hybrid transformer and convolutional neural network on phishing URL detection. Knowledge-Based Systems, 258. https://doi.org/10.1016/j.knosys.2022.109955
Wang, W., Zhang, F., Luo, X., & Zhang, S. (2019). PDRCNN: Precise Phishing Detection with Recurrent Convolutional Neural Networks. Security and Communication Networks, 2019. https://doi.org/10.1155/2019/2595794
Wu, T., Wang, M., Xi, Y., & Zhao, Z. (2022). Malicious URL Detection Model Based on Bidirectional Gated Recurrent Unit and Attention Mechanism. Applied Sciences (Switzerland), 12(23). https://doi.org/10.3390/app122312367
Yu, S., An, C., Yu, T., Zhao, Z., Li, T., & Wang, J. (2022). Phishing Detection Based on Multi-Feature Neural Network. 2022 IEEE International Performance, Computing, and Communications Conference (IPCCC), 73–79. https://doi.org/10.1109/IPCCC55026.2022.9894337
Zhang, Q., Bu, Y., Chen, B., Zhang, S., & Lu, X. (2021). Research on phishing webpage detection technology based on CNN-BiLSTM algorithm. Journal of Physics: Conference Series, 1738(1). https://doi.org/10.1088/1742-6596/1738/1/012131
Zheng, F., Yan, Q., Leung, V. C. M., Yu, F. R., & Ming, Z. (2022). HDP-CNN: Highway deep pyramid convolution neural network combining word-level and character-level representations for phishing website detection. COMPUTERS & SECURITY, 114. https://doi.org/10.1016/j.cose.2021.102584
Published
How to Cite
Issue
Section
Copyright (c) 2024 Abdullahi Raji Egigogo, Ismaila Idris, Morufu Olalere, Abisoye Opeyemi Aderiike

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.