Phishing Website Detection: A Systematic Review of URL-Based and Deep Learning Approaches

Pratik Ahirwar; Anurag Shrivastava

doi:10.69968/ijisem.2026v5i229-37

Authors

Pratik Ahirwar M.Tech Scholar , Department of Computer Science & Engineering (CSE) , NRI Institute of Information Science and Technology (NIIST) Bhopal
Anurag Shrivastava Associate Professor and Head of Department (HOD) ,Department of Computer Science & Engineering (CSE) ,NRI Institute of Information Science and Technology (NIIST) BHOPAL

DOI:

https://doi.org/10.69968/ijisem.2026v5i229-37

Keywords:

Phishing Website Detection, Deep Learning, URL Features, Cybersecurity, Real-Time Systems, Machine Learning, Malicious URLs, Web Security

Abstract

Phishing websites have reached to be one of the most important cybersecurity threats in the digital ecosystem. They achieve this through impersonating reputed online services and through this technique, they get hold of the username, password, bank details, and even personal identification data of an unsuspecting user. The successful phishing attacks might lead to financial destruction, losing one's identity, privacy invasion, and the organization suffering from a bad reputation. The application of traditional phishing detection methods such as blacklists and rule-based heuristics has not been very effective, especially with the newly-created and fast- changing phishing websites. The development of deep learning (DL) has helped to a great extent in the improvement of the phishing detection systems because it has allowed for automated feature learning, better generalization, and real-time classification. The discussion on URL feature–based phishing detection is gaining traction and is being considered due to its minimal processing requirements, the possibility of being available at an early stage and thus being suitable for real-time deployment. Unlike the content-based or behavior-based detection methods, the URL-based method does not necessitate webpage rendering or external queries thus making it very efficient for browser and network-level security. This paper reviews and presents a detailed systematic analysis of deep learning–based real-time phishing website detection systems that utilize URL features. Its focus is on the evolution of phishing detection methods, URL feature representations, deep learning architectures, as well as system-level considerations. Furthermore, the paper discusses key challenges such as zero-day attacks, adversarial manipulation, concept drift, and model interpretability, while highlighting promising future research directions. By consolidating existing research into a structured review, this work aims to serve as a comprehensive reference for researchers and practitioners working in intelligent cybersecurity systems.

References

[1] Li, Wenhao, et al. "A state-of-the-art review on phishing website detection techniques." IEEE Access (2024).

[2] Purwanto, Rizka Widyarini, et al. "PhishSim: aiding phishing website detection with a feature-free tool." IEEE Transactions on Information Forensics and Security 17 (2022): 1497-1512.

[3] Zara, Ume, et al. "Phishing website detection using deep learning models." IEEE Access 12 (2024): 167072-167087.

[4] Tang, Lizhen, and Qusay H. Mahmoud. "A deep learning-based framework for phishing website detection." IEEe Access 10 (2021): 1509-1521.

[5] Çolhak, Furkan, et al. "Phishing website detection through multi-model analysis of html content." International Conference on Theoretical and Applied Computing. Singapore: Springer Nature Singapore, 2024.

[6] Widiono, Suyud, Achmad Nuruddin Safriandono, and Setyo Budi. "Phishing website detection using bidirectional gated recurrent unit model and feature selection." Journal of Future Artificial Intelligence and Technologies 1.2 (2024): 75-83.

[7] Almousa, May, et al. "Phishing website detection: How effective are deep learning‐based models and hyperparameter optimization?" Security and Privacy 5.6 (2022): e256.

[8] Veach, Alexander M., and Munther Abualkibash. "Phishing website detection using several machine learning algorithms: a review paper." International Journal of Informatics, Information System and Computer Engineering (INJIISCOM) 3.2 (2022): 219-230.

[9] Alsariera, YAZAN A., et al. "Intelligent tree-based ensemble approaches for phishing website detection." J. Eng. Sci. Technol 17.1 (2022): 563-582.

[10] Jawade, Jayesh V., and Soma N. Ghosh. "Phishing website detection using Fast. ai Library." 2021 International conference on communication information and computing technology (ICCICT). IEEE, 2021.

[11] Liu, Dong-Jie, Guang-Gang Geng, and Xin-Chang Zhang. "Multi-scale semantic deep fusion models for phishing website detection." Expert Systems with Applications 209 (2022): 118305.

[12] Selvakumari, M., et al. "Phishing website detection using machine learning and deep learning techniques." Journal of Physics: Conference Series. Vol. 1916. No. 1. IOP Publishing, 2021.

[13] Ravindra, Salvi Siddhi, et al. "Phishing website detection based on URL." International Journal of Scientific Research in Computer Science, Engineering and Information Technology (USRCSEIT) 7.3 (2021): 589-594.

[14] Omari, Kamal. "Comparative study of machine learning algorithms for phishing website detection." International Journal of Advanced Computer Science and Applications 14.9 (2023).

[15] Jovanovic, Luka, et al. "Improving phishing website detection using a hybrid two-level framework for feature selection and xgboost tuning." Journal of Web Engineering 22.3 (2023): 543-574.

[16] Asiri, Sultan, et al. "A survey of intelligent detection designs of HTML URL phishing attacks." IEEe Access 11 (2023): 6421-6443.

[17] Salloum, Said, et al. "A systematic literature review on phishing email detection using natural language processing techniques." Ieee Access 10 (2022): 65703-65727.

[18] Balogun, Abdullateef O., et al. "Optimized decision forest for website phishing detection." Proceedings of the Computational Methods in Systems and Software. Cham: Springer International Publishing, 2021. 568-582.

[19] Omari, Kamal. "Comparative study of machine learning algorithms for phishing website detection." International Journal of Advanced Computer Science and Applications 14.9 (2023).

[20] Remya, S., et al. "BGL-PhishNet: Phishing Website Detection Using Hybrid Model-BERT, GNN, and LightGBM." IEEE Access 13 (2025): 47552-47569.

[21] Remya, S., et al. "An effective detection approach for phishing URL using ResMLP." IEEE access 12 (2024): 79367-79382.

[22] Wei, Yi, and Yuji Sekiya. "Sufficiency of ensemble machine learning methods for phishing websites detection." IEEE Access 10 (2022): 124103-124113.

[23] Bhavani, P. Amba, et al. "Phishing websites detection using machine learning." Madhumitha and Likhitha, Pinnam Sree and Sai, Chanda Pranav Sai, Phishing Websites Detection Using Machine Learning (September 2, 2022) (2022).

[24] Ubing, Alyssa Anne, et al. "Phishing website detection: An improved accuracy through feature selection and ensemble learning." International Journal of Advanced Computer Science and Applications 10.1 (2019).

[25] Chaiban, A.; Sovilj, D.; Soliman, H.; Salmon, G.; Lin, X. Investigating the Influence of Feature Sources for Malicious Website Detection. Appl. Sci. 2022, 12, 2806. https://doi.org/10.3390/app12062806