Journal of Machine and Computing


Enhanced Phishing URL Detection Using a Novel GRU-CNN Hybrid Approach



Journal of Machine and Computing

Received On : 23 May 2024

Revised On : 16 August 2024

Accepted On : 04 October 2024

Volume 05, Issue 01


Article Views

Abstract


As cybercriminals become their tactics, phishing URLs are increasingly operated to exploit unsuspecting users. This leads to notable financial loss and erodes user trust in online systems, influencing businesses and individuals. Though effective in specific scenarios, traditional signature-based and heuristic methods often require help keeping pace with the dynamic of phishing schemes. In this study, we introduce a hybrid model combining Gated Recurrent Unit (GRU) and Convolutional Neural Networks (CNN) to enhance phishing URL detection. Our primary purpose was to utilize both temporal feature extraction through GRU and spatial feature extraction using CNN, building a robust model capable of effectively identifying phishing attempts. We evaluated three models, GRU, CNN, and the proposed GRU+CNN hybrid, employing a Kaggle dataset containing over 2.5 million URL samples labeled as phishing. The GRU model reached 97.8% accuracy, while the CNN model performed slightly better, with 98% accuracy. However, the hybrid GRU+CNN model outperformed, achieving an accuracy of 99.0%, showing its superiority in addressing the complexities of phishing detection. Future work will optimize the hybrid model for real-time detection and investigate its adaptability to other cybersecurity domains, such as malware and social engineering threats.


Keywords


Phishing URL detection, Cybersecurity, Hybrid model, Cyber threat prevention, Deep learning, Phishing attacks.


  1. C. Lai et al., “URL Phishing Detection by Using Natural Language Processing and Deep Learning Model,” New Trends in Intelligent Software Methodologies, Tools and Techniques, Sep. 2024, doi: 10.3233/faia240360.
  2. M. A. I. Mallick and R. Nath, "Navigating the Cyber security Landscape: A Comprehensive Review of Cyber-Attacks, Emerging Trends, and Recent Developments," World Scientific News, vol. 190, pp. 1--69, 2024.
  3. S. Roy, "Cyber Deception against Adversarial Reconnaissance in Enterprise Network using Semi-Indistinguishable Honeypot," 2024.
  4. M. M. Ali and N. F. Mohd Zaharon, “Phishing—A Cyber Fraud: The Types, Implications and Governance,” International Journal of Educational Reform, vol. 33, no. 1, pp. 101–121, Mar. 2022, doi: 10.1177/10567879221082966.
  5. M. Safaei Pour, C. Nader, K. Friday, and E. Bou-Harb, “A Comprehensive Survey of Recent Internet Measurement Techniques for Cyber Security,” Computers & Security, vol. 128, p. 103123, May 2023, doi: 10.1016/j.cose.2023.103123.
  6. M. K. Prabakaran, P. Meenakshi Sundaram, and A. D. Chandrasekar, “An enhanced deep learning‐based phishing detection mechanism to effectively identify malicious URLs using variational autoencoders,” IET Information Security, vol. 17, no. 3, pp. 423–440, Jan. 2023, doi: 10.1049/ise2.12106.
  7. G. D. G. Jaime, E. A. de Jesus, and C. M. N. A. Pereira, "EVALUATING PHISHING RISKS AND SOCIAL ENGINEERING IN A NUCLEAR INFRASTRUCTURE: A CYBERSECURITY CASE STUDY," Instituto de Engenharia Nuclear: Progress Report, pp. 52--54, 2024.
  8. S. Patil and S. Dhage, “A Methodical Overview on Phishing Detection along with an Organized Way to Construct an Anti-Phishing Framework,” 2019 5th International Conference on Advanced Computing & Communication Systems (ICACCS), vol. 15, pp. 588–593, Mar. 2019, doi: 10.1109/icaccs.2019.8728356.
  9. B. C. Ujah-Ogbuagu, O. N. Akande, and E. Ogbuju, “A hybrid deep learning technique for spoofing website URL detection in real-time applications,” Journal of Electrical Systems and Information Technology, vol. 11, no. 1, Jan. 2024, doi: 10.1186/s43067-023-00128-8.
  10. M. Ravi Prasad and N. Thillaiarasu, “Multichannel EfficientNet B7 with attention mechanism using multimodal biometric- based authentication for ATM transaction,” Multiagent and Grid Systems, vol. 20, no. 2, pp. 89–108, Aug. 2024, doi: 10.3233/mgs-230118.
  11. G. Varshney, R. Kumawat, V. Varadharajan, U. Tupakula, and C. Gupta, “Anti-phishing: A comprehensive perspective,” Expert Systems with Applications, vol. 238, p. 122199, Mar. 2024, doi: 10.1016/j.eswa.2023.122199.
  12. F. Carroll, J. A. Adejobi, and R. Montasari, “How Good Are We at Detecting a Phishing Attack? Investigating the Evolving Phishing Attack Email and Why It Continues to Successfully Deceive Society,” SN Computer Science, vol. 3, no. 2, Feb. 2022, doi: 10.1007/s42979-022-01069-1.
  13. A. Karim, M. Shahroz, K. Mustofa, S. B. Belhaouari, and S. R. K. Joga, “Phishing Detection System Through Hybrid Machine Learning Based on URL,” IEEE Access, vol. 11, pp. 36805–36822, 2023, doi: 10.1109/access.2023.3252366.
  14. A. Ozcan, C. Catal, E. Donmez, and B. Senturk, “A hybrid DNN–LSTM model for detecting phishing URLs,” Neural Computing and Applications, vol. 35, no. 7, pp. 4957–4973, Aug. 2021, doi: 10.1007/s00521-021-06401-z.
  15. S. Das Guptta, K. T. Shahriar, H. Alqahtani, D. Alsalman, and I. H. Sarker, “Modeling Hybrid Feature-Based Phishing Websites Detection Using Machine Learning Techniques,” Annals of Data Science, vol. 11, no. 1, pp. 217–242, Mar. 2022, doi: 10.1007/s40745-022-00379-8.
  16. F. S. Alsubaei, A. A. Almazroi, and N. Ayub, “Enhancing Phishing Detection: A Novel Hybrid Deep Learning Framework for Cybercrime Forensics,” IEEE Access, vol. 12, pp. 8373–8389, 2024, doi: 10.1109/access.2024.3351946.
  17. A. Pandey and J. Chadawar, "Phishing URL detection using hybrid ensemble model," INTERNATIONAL JOURNAL OF ENGINEERING RESEARCH \& TECHNOLOGY (IJERT), vol. 11, 2022.
  18. Srilatha, Doddi, and N. Thillaiarasu. "Implementation of Intrusion detection and prevention with Deep Learning in Cloud Computing." Journal of Information Technology Management 15.Special Issue (2023): 1-18..
  19. M. W. Shaukat, R. Amin, M. M. A. Muslam, A. H. Alshehri, and J. Xie, “A Hybrid Approach for Alluring Ads Phishing Attack Detection Using Machine Learning,” Sensors, vol. 23, no. 19, p. 8070, Sep. 2023, doi: 10.3390/s23198070.
  20. E. Kocyigit, M. Korkmaz, O. K. Sahingoz, and B. Diri, “Enhanced Feature Selection Using Genetic Algorithm for Machine-Learning-Based Phishing URL Detection,” Applied Sciences, vol. 14, no. 14, p. 6081, Jul. 2024, doi: 10.3390/app14146081.
  21. M. A. Adebowale, K. T. Lwin, and M. A. Hossain, “Intelligent phishing detection scheme using deep learning algorithms,” Journal of Enterprise Information Management, vol. 36, no. 3, pp. 747–766, Jun. 2020, doi: 10.1108/jeim-01-2020-0036.
  22. X. Gao, X. Li, B. Zhao, W. Ji, X. Jing, and Y. He, “Short-Term Electricity Load Forecasting Model Based on EMD-GRU with Feature Selection,” Energies, vol. 12, no. 6, p. 1140, Mar. 2019, doi: 10.3390/en12061140.
  23. M. Sabri and M. El Hassouni, “A Novel Deep Learning Approach for Short Term Photovoltaic Power Forecasting Based on GRU-CNN Model,” E3S Web of Conferences, vol. 336, p. 00064, 2022, doi: 10.1051/e3sconf/202233600064.
  24. A. et al., “Detecting phishing attacks using a combined model of LSTM and CNN,” International Journal of ADVANCED AND APPLIED SCIENCES, vol. 7, no. 7, pp. 56–67, Jul. 2020, doi: 10.21833/ijaas.2020.07.007.
  25. M. W. Shaukat, R. Amin, M. M. A. Muslam, A. H. Alshehri, and J. Xie, “A Hybrid Approach for Alluring Ads Phishing Attack Detection Using Machine Learning,” Sensors, vol. 23, no. 19, p. 8070, Sep. 2023, doi: 10.3390/s23198070.
  26. T. Choudhary, S. Mhapankar, R. Bhddha, A. Kharuk, and R. Patil, “Machine Learning Approach for Phishing Attack Detection,” Journal of Artificial Intelligence and Technology, May 2023, doi: 10.37965/jait.2023.0197.
  27. M. A. Adebowale, K. T. Lwin, and M. A. Hossain, “Intelligent phishing detection scheme using deep learning algorithms,” Journal of Enterprise Information Management, vol. 36, no. 3, pp. 747–766, Jun. 2020, doi: 10.1108/jeim-01-2020-0036.

Acknowledgements


The authors would like to thank to the reviewers for nice comments on the manuscript.


Funding


No funding was received to assist with the preparation of this manuscript.


Ethics declarations


Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


Availability of data and materials


Data sharing is not applicable to this article as no new data were created or analysed in this study.


Author information


Contributions

All authors have equal contribution in the paper and all authors have read and agreed to the published version of the manuscript.


Corresponding author


Rights and permissions


Open Access This article is licensed under a Creative Commons Attribution NoDerivs is a more restrictive license. It allows you to redistribute the material commercially or non-commercially but the user cannot make any changes whatsoever to the original, i.e. no derivatives of the original work. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-nd/4.0/


Cite this article


Sangeetha M, Navaz K, Santosh Kumar Ravva, Roopa R, Penubaka Balaji and Ravi Kumar T, “Enhanced Phishing URL Detection Using a Novel GRU-CNN Hybrid Approach”, Journal of Machine and Computing. doi: 10.53759/7669/jmc202505007.


Copyright


© 2025 Sangeetha M, Navaz K, Santosh Kumar Ravva, Roopa R, Penubaka Balaji and Ravi Kumar T. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.