Detecting Phishing URLs with CNN - Decision Tree Method

Authors

  • Reza Aminullah Universitas Pembangunan Nasional Veteran Jawa Timur
  • Fetty Tri Anggraeny Universitas Pembangunan Nasional Veteran Jawa Timur
  • Fawwaz Ali Akbar Universitas Pembangunan Nasional Veteran Jawa Timur

DOI:

https://doi.org/10.62951/ijies.v2i2.222

Keywords:

Phishing, Detection, URL, Network, Learning

Abstract

This research focuses on assessing the efficacy of a method that integrates Convolutional Neural Networks (CNN) with Decision Trees for the detection of phishing URLs. Phishing represents a major cyber threat, where cybercriminals attempt to deceive individuals into disclosing sensitive information via fraudulent websites. As the frequency of phishing attacks continues to rise, there is a pressing need for effective detection and prevention strategies. In this investigation, a dataset comprising both phishing and legitimate URLs was utilized to train a CNN-Decision Tree model. The training phase includes feature extraction from URLs using CNN, which excels at identifying intricate patterns within the data, followed by classification through Decision Trees, recognized for their capacity to deliver straightforward and comprehensible interpretations of classification outcomes. The model's performance was evaluated across nine distinct scenarios to assess its effectiveness under varying conditions. The results indicated that the hybrid CNN-Decision Tree model achieved a precision rate of 94%, a recall of 90%, and an F1-Score of 92%, with an overall accuracy of 93%. These findings suggest that the model is not only proficient in identifying phishing URLs but also maintains a commendable balance between precision and recall. This research highlights that the synergy of CNN and Decision Trees can serve as a potent solution for phishing URL detection, significantly contributing to the advancement of enhanced cybersecurity systems.

References

Abdelnabi, S., Fritz, M., & Backes, M. (2023). Adversarial attacks and defenses in URL-based phishing detection systems. ACM Transactions on Privacy and Security, 26(2), 1–28. https://doi.org/10.1145/3582436

Aljofey, A., Jiang, Q., Rasool, A., Chen, H., & Liu, W. (2023). An effective hybrid deep learning model for phishing detection using URL and website features. Computers & Security, 124, 102984. https://doi.org/10.1016/j.cose.2022.102984

Al-Sartawi, A. M. A. M. (2020). Information technology governance and cybersecurity at the board level. International Journal of Critical Infrastructures, 16(2), 150–161. https://doi.org/10.1504/ijcis.2020.10029173

APWG. (n.d.). Phishing e-mail reports and phishing site trends. Retrieved from https://www.apwg.org

Barik, K., Misra, S., & Mohan, R. (2025). Web-based phishing URL detection model using deep learning optimization techniques. In-ternational Journal of Data Science and Analytics. https://doi.org/10.1007/s41060-025-00728-9

Barik, K., Misra, S., & Sanz, L. F. (2024). A model for estimating resiliency of AI-based classifiers defending against cyber attacks. In-ternational Journal of Computational Intelligence Systems, 17(1), 1–15. https://doi.org/10.1007/s44196-024-00686-3

Bhowal, S., Panigrahi, B. K., & Das, S. (2023). Explainable artificial intelligence in cybersecurity: A survey of phishing detection models. IEEE Access, 11, 87564–87585. https://doi.org/10.1109/ACCESS.2023.3301124

Fazeldehkordi, E. (2014). A machine learning approach to phishing detection and defense. Retrieved from https://www.researchgate.net/publication/267156776

Goel, D., & Jain, A. K. (2018). Mobile phishing attacks and defence mechanisms: State of art and open research challenges. Computer Security, 74, 120–133. https://doi.org/10.1016/j.cose.2017.12.006

Greene. (2018). No phishing beyond this point. IEEE Computing, 58(7), 67–75. https://doi.org/10.1109/MC.2018.2701632

Huang, K., Madnick, S. E., & Johnson, S. (2020). Framework for understanding cybersecurity impacts on international trade. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3555341

Ikeda, K., Marshall, A., & Zaharchuk, D. (2019). Agility, skills and cybersecurity: Critical drivers of competitiveness in times of economic uncertainty. Strategic Leadership, 47(3), 40–48. https://doi.org/10.1108/SL-02-2019-0032

Kavya, S., & Sumathi, D. (2025). Staying ahead of phishers: A review of recent advances and emerging methodologies in phishing detec-tion. Artificial Intelligence Review, 58(2), 329–350. https://doi.org/10.1007/s10462-024-11055-z

Kumar, A., & Sinha, D. (2022). Handling class imbalance in phishing detection using cost-sensitive deep learning techniques. Expert Systems with Applications, 200, 117012. https://doi.org/10.1016/j.eswa.2022.117012

Lallie, H. S., et al. (2021). Cybersecurity in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, 102248. https://doi.org/10.1016/j.cose.2021.102248

Li, X., Zhou, Y., & Chen, T. (2024). Efficient hybrid ensemble models for real-time phishing URL detection. Computers & Security, 135, 103556. https://doi.org/10.1016/j.cose.2023.103556

Maware, C., Parsley, D. M., Huang, K., Swan, G. M., & Akafuah, N. (2023). Moving lab-based in-person training to online delivery: The case of a continuing engineering education program. Journal of Computer Assisted Learning, 39(4), 1167–1183. https://doi.org/10.1111/jcal.12789

Quinlan, J. R. (1986). Induction of decision trees. Machine Learning, 1(1), 81–106. https://doi.org/10.1007/BF00116251

Sahingoz, O. K., Buber, E., Demir, O., & Diri, B. (2019). Machine learning based phishing detection from URLs. Expert Systems with Applications, 117, 345–357. https://doi.org/10.1016/j.eswa.2018.09.029

Verma, R., & Das, A. (2023). A comprehensive review of phishing detection techniques using machine learning and deep learning approaches. IEEE Access, 11, 34125–34150. https://doi.org/10.1109/ACCESS.2023.3261456

Yang, P., Zhao, G., & Zeng, P. (2019). Phishing website detection based on multidimensional features driven by deep learning. IEEE Access, 7, 15196–15209. https://doi.org/10.1109/ACCESS.2019.2892066z

Zhang, Y., Jin, R., & Wang, H. (2022). Character-level convolutional neural networks for malicious URL detection. Expert Systems with Applications, 198, 116738. https://doi.org/10.1016/j.eswa.2022.11673 8

Downloads

Published

2025-03-07

How to Cite

Reza Aminullah, Fetty Tri Anggraeny, & Fawwaz Ali Akbar. (2025). Detecting Phishing URLs with CNN - Decision Tree Method. International Journal of Information Engineering and Science, 2(2), 01–09. https://doi.org/10.62951/ijies.v2i2.222

Issue

Vol. 2 No. 2 (2025): May : International Journal of Information Engineering and Science

Section

Articles

License

Copyright (c) 2025 International Journal of Information Engineering and Science

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Similar Articles

1 2 > >> 

You may also start an advanced similarity search for this article.