An Efficient Cybersecurity Method to Detect Phishing Attacks Integrating Heuristic-Driven Feature Optimizer and Deep Learning Algorithms
摘要
Phishing attacks have become increasingly sophisticated and remain one of the most prevalent threats to online security, leading to significant financial losses and privacy breaches. Despite the progress of machine learning-based detection systems, many existing approaches still suffer from limitations such as high-dimensional feature spaces, redundant URL attributes, and severe class imbalance in phishing datasets, which reduce detection accuracy and increase false alarm rates. To address these challenges, this study presents a comprehensive and practical framework for phishing URL detection by integrating a large, diverse real-world dataset, advanced feature engineering, and hybrid machine learning and deep learning models. Structural features are extracted from URL parameters, suspicious keyword patterns, and host structure to capture both lexical and behavioral characteristics of phishing attempts. To mitigate dataset imbalance, the Synthetic Minority Oversampling Technique (SMOTE) is applied to improve model training. Furthermore, a binary Sand Cat Swarm Optimization (SCSO) algorithm is employed for feature selection to identify a compact and informative subset of features. Experimental results demonstrate that while several classifiers perform reasonably well without feature selection, others struggle with the high-dimensional feature space. After applying SCSO, all classifiers exhibit significant improvements in accuracy, precision, sensitivity, F1-score, and AUC. Among the evaluated models, LSTM achieves the strongest overall performance, with AUC values approaching 0.98 and consistent stability across cross-validation folds. The results confirm that SCSO effectively removes redundant and noisy features, enhances generalization capability, and reduces false alarms. Overall, the proposed framework significantly improves detection accuracy, AUC, and adaptability across diverse phishing attack patterns, making it suitable for practical real-world deployment.