Enhanced Phishing Detection and Classification Using an Ensemble Machine Learning Approach for URL Analysis
摘要
Phishing attacks, particularly those initiated through malicious URLs, have become a prevalent cybersecurity threat. This study aims to develop and evaluate an ensemble machine learning model for detecting and classifying phishing URLs with enhanced accuracy and reliability. By leveraging the strengths of multiple classifiers, the proposed model addresses the limitations of individual classifiers in detecting complex phishing patterns. The proposed model combines several machine learning classifiers, including Random Forest, Gradient Boosting, and Support Vector Machines, in an ensemble architecture. A dataset of legitimate and phishing URLs was collected from publicly available sources, and feature extraction techniques were applied to derive key URL attributes such as length, special characters, and domain-related features. The performance of the ensemble model was compared against individual classifiers through metrics such as accuracy, precision, recall, F1-score, and AUC-ROC curve. The ensemble model outperformed individual classifiers in detecting phishing URLs, achieving an accuracy of 97.5%, with improved precision and recall rates compared to standalone models. The false positive rate was significantly reduced, demonstrating the model’s ability to differentiate between phishing and benign URLs effectively. Additionally, the ensemble approach demonstrated robustness against novel phishing techniques by adapting to various URL patterns. The results indicate that ensemble machine learning techniques provide a more robust solution for phishing detection, as they combine the strengths of multiple algorithms to address the diversity and complexity of phishing URLs. The use of an ensemble approach mitigates common issues in phishing detection, such as overfitting and poor generalization, while offering improved detection rates in real-time applications. Future work will focus on refining the model with real-time data and deploying it in an operational environment to assess its performance in detecting advanced phishing techniques.