Hybrid Deep Learning Approaches Enable Intrusion Detection System for Zero-Day Phishing Detection
DOI:
https://doi.org/10.21015/vtse.v13i4.2287Abstract
These days, The website Uniform Resource Locator (URL) is widely used for accessing and navigating online information. However, the rise of AI-generated fake content, scams, counterfeit URLs, and other cyberattacks has significantly increased phishing-related threats. These fake URLs are difficult to identify because phishing links often resemble legitimate URLs. Consequently, both known and unknown (zero-day) phishing attacks remain difficult to detect in practice.This paper presents a hybrid deep learning–based intrusion detection system capable of detecting both known and zero-day phishing URLs. The objective is to provide users with absolute URLs while protecting them from fake ones. Another goal is to design an adaptive intrusion detection system (IDS) that combines static analysis, signature-based detection, and heuristic methods to identify phishing URLs. The proposed method, named the Zero-Phishing Convolutional Neural Network and Long Short-Term Memory (ZP-CNN-LSTM) algorithm, consists of three distinct schemes. For instance, static analysis rules are based on regular expressions, signatures for convolutional neural networks (CNNs), and zero-day detection using LSTM and autoencoders. We tested our project in the VR and AR research laboratory on 2 million testbed URLs, determined whether they were real or fake with respect to phishing, and predicted their phishing patterns. Results show that the proposed method achieves 98% higher accuracy than existing phishing detection methods in practice.
References
O. K. Sahingoz, E. Buber, and E. Kugu, “DEPHIDES: Deep learning based phishing detection system,” IEEE Access, vol. 12, pp. 8052–8070, 2024, doi: 10.1109/ACCESS.2024.3352629.
M. A. Adebowale, K. T. Lwin, and M. A. Hossain, “Intelligent phishing detection scheme using deep learning algorithms,” Journal of Enterprise Information Management, vol. 36, no. 3, pp. 747–766, Apr. 2023.
R. Vinayakumar et al., “Deep learning approach for intelligent intrusion detection system,” IEEE Access, vol. 7, pp. 41525–41550, 2019.
S. M. Sohi, J. P. Seifert, and F. Ganji, “RNNIDS: Enhancing network intrusion detection systems through deep learning,” Computers & Security, vol. 102, p. 102151, 2021.
T. A. Tang et al., “Deep recurrent neural network for intrusion detection based networks,” in Proc. 4th IEEE Conf. Network Softwarization and Workshops (NetSoft), 2018, pp. 202–206.
B. Wei et al., “A deep-learning-driven lightweight phishing detection sensor,” Sensors, vol. 19, no. 19, p. 4258, 2019.
M. Soltani et al., “An adaptable deep learning-based intrusion detection system to zero-day attacks,” Journal of Information Security and Applications, vol. 76, p. 103516, 2023.
Z. Alshingiti et al., “A deep learning-based phishing detection system using CNN, LSTM, and LSTM-CNN,” Electronics, vol. 12, no. 1, p. 232, 2023.
O. K. Sahingoz, E. Buber, and E. Kugu, “DEPHIDES: Deep learning based phishing detection system,” IEEE Access, vol. 12, pp. 8052–8070, 2024, doi: 10.1109/ACCESS.2024.3352629.
Q. E. U. Haq, M. H. Faheem, and I. Ahmad, “Detecting phishing URLs based on a deep learning approach to prevent cyber-attacks,” Applied Sciences, vol. 14, no. 22, p. 10086, 2024.
E. S. A. Alars and S. Kurnaz, “Enhancing network intrusion detection systems with combined network and host traffic features using deep learning,” Discover Computing, vol. 27, no. 1, p. 39, 2024.
E. A. Aldakheel et al., “A deep learning-based innovative technique for phishing detection using uniform resource locators,” Sensors, vol. 23, no. 9, p. 4403, 2023.
M. Sameen, K. Han, and S. O. Hwang, “PhishHaven—An efficient real-time AI phishing URLs detection system,” IEEE Access, vol. 8, pp. 83425–83443, 2020.
N. Q. Do et al., “Deep learning for phishing detection: Taxonomy, current challenges and future directions,” IEEE Access, vol. 10, pp. 36429–36463, 2022.
A. Al-Alyan and S. Al-Ahmadi, “Robust URL phishing detection based on deep learning,” KSII Transactions on Internet and Information Systems, vol. 14, no. 7, 2020.
B. K. Sedraoui et al., “Intrusion detection with deep learning: A literature review,” in Proc. 6th Int. Conf. Pattern Analysis and Intelligent Systems (PAIS), IEEE, 2024.
R. Vinayakumar, K. P. Soman, and P. Poornachandran, “Evaluating deep learning approaches to characterize and classify malicious URLs,” Journal of Intelligent & Fuzzy Systems, vol. 34, no. 3, pp. 1333–1343, 2018. DOI: https://doi.org/10.3233/JIFS-169429
A. Ozcan et al., “A hybrid DNN–LSTM model for detecting phishing URLs,” Neural Computing and Applications, vol. 35, no. 7, pp. 4957–4973, 2023.
H. Le et al., “URLNet: Learning a URL representation with deep learning for malicious URL detection,” arXiv preprint arXiv:1802.03162, 2018.
S. Afzal et al., “URLDeepDetect: A deep learning approach for detecting malicious URLs using semantic vector models,” Journal of Network and Systems Management, vol. 29, no. 3, p. 21, 2021.
U. A. Butt et al., “Cloud-based email phishing attack detection using machine and deep learning algorithms,” Complex & Intelligent Systems, vol. 9, no. 3, pp. 3043–3070, 2023.
K. Sruthi, “A novel framework for effective phishing URL detection using an LSTM-based Siamese network,” Knowledge-Based Systems, p. 114271, 2025.
E. U. H. Qazi, M. H. Faheem, and T. Zia, “HDLNIDS: Hybrid deep-learning-based network intrusion detection system,” Applied Sciences, vol. 13, no. 8, p. 4921, 2023.
A. Basit et al., “A comprehensive survey of AI-enabled phishing attack detection techniques,” Telecommunication Systems, vol. 76, no. 1, pp. 139–154, 2021.
S. Srinivasan et al., “DURLD: Malicious URL detection using deep learning–based character-level representations,” in Malware Analysis Using Artificial Intelligence and Deep Learning, Cham, Switzerland: Springer, 2020, pp. 535–554.
I. A. Essien et al., “Neural network–based phishing attack detection and prevention systems,” Journal of Frontiers in Multidisciplinary Research, vol. 2, no. 2, pp. 222–238, 2021.
A. K. Yamarthy and C. Koteswararao, “MDepthNet-based phishing attack detection using integrated deep learning methodologies for cybersecurity enhancement,” Cluster Computing, vol. 27, no. 5, pp. 6377–6395, 2024.
A. AlEroud and G. Karabatis, “Bypassing detection of URL-based phishing attacks using generative adversarial deep neural networks,” in Proc. 6th Int. Workshop on Security and Privacy Analytics, 2020.
P. K. Roy, A. Kumar, and A. Singh, “Advanced learning for phishing URL detection to secure consumer-centric applications,” IEEE Transactions on Consumer Electronics, vol. 70, no. 3, pp. 5756–5763, 2024.
H. Bibi et al., “Phishing website detection using improved multilayered convolutional neural networks,” Journal of Computer Science, vol. 20, no. 9, pp. 1069–1079, 2024.
M. Korkmaz, E. Kocyigit, O. Sahingoz, and B. Diri, “A hybrid phishing detection system using deep learning–based URL and content analysis,” Elektronika ir Elektrotechnika, vol. 28, no. 5, pp. 1–8, 2022.
N. Q. Do et al., “Deep learning for phishing detection: Taxonomy, current challenges, and future directions,” IEEE Access, vol. 10, pp. 36429–36463, 2022, doi: 10.1109/ACCESS.2022.3151903.
Z. Dai et al., “An intrusion detection model to detect zero-day attacks in unseen data using machine learning,” PLOS ONE, vol. 19, no. 9, e0308469, 2024, doi: 10.1371/journal.pone.0308469.
“Systematic review of deep learning techniques for phishing email detection,” Electronics, vol. 13, no. 19, p. 3823, 2024, doi: 10.3390/electronics13193823.
M. F. Memon, R. Shah, and A. Ali, “A novel primary key infrastructure IoT-enabled secure access control framework for smart home applications,” VFAST Transactions on Software Engineering, vol. 13, no. 1, pp. 37–48, 2025. DOI: https://doi.org/10.21015/vtse.v13i1.2040
T. M. Grønli, H. Wu, M. Younas, and G. Ghinea, “A novel homomorphic blockchain scheme for intelligent transport services in fog/cloud and IoT networks,” IEEE Transactions on Intelligent Transportation Systems, 2024.
Z. A. A. Alyasseri et al., “Sustainable secure blockchain-assisted AIoT and green multi-constraints supply chain system,” IEEE Internet of Things Journal, 2025.
Q. Qazi, “Metaverse-assisted healthcare body sensor network architecture,” in Proc. IEEE 20th Int. Conf. on Body Sensor Networks (BSN), Oct. 2024, pp. 1–4.
M. A. Mohammed et al., “Restricted Boltzmann machine–assisted secure serverless edge system for Internet of Medical Things,” IEEE Journal of Biomedical and Health Informatics, vol. 27, no. 2, pp. 673–683, 2022.
T. M. Grønli, P. Bellavista, S. Memon, M. Alharby, and O. Thinnukool, “IoT workload offloading–efficient intelligent transport system in federated ACNN-integrated cooperative edge–cloud networks,” Journal of Cloud Computing, vol. 13, no. 1, p. 79, 2024.
M. A. Mohammed et al., “Augmented IoT cooperative vehicular framework based on distributed deep blockchain networks,” IEEE Internet of Things Journal, vol. 11, no. 22, pp. 35825–35838, 2024.
M. A. Mohammed et al., “Secure blockchain-assisted Internet of Medical Things architecture for data fusion–enabled cancer workflow,” Internet of Things, vol. 24, p. 100928, 2023.
M. Elhoseny, M. A. Mohammed, and M. M. Jaber, “SFDWA: Secure and fault-tolerant aware delay-optimal workload assignment schemes in edge computing for Internet of Drone Things applications,” Wireless Communications and Mobile Computing, vol. 2022, p. 5667012, 2022.
Q. U. A. Mastoi et al., “Hybrid workload-enabled and secure healthcare monitoring sensing framework in distributed fog–cloud networks,” Electronics, vol. 10, no. 16, p. 1974, 2021.
M. Ahmad, M. Bilal, A. Jolfaei, and R. M. Mehmood, “Mobility-aware blockchain-enabled offloading and scheduling in vehicular fog–cloud computing,” IEEE Transactions on Intelligent Transportation Systems, vol. 22, no. 7, pp. 4212–4223, 2021.
M. A. Mohammed, J. Nedoma, R. Martinek, P. Tiwari, and N. Kumar, “Blockchain-enabled cybersecurity-efficient IIoHT cyber–physical system for medical applications,” IEEE Transactions on Network Science and Engineering, vol. 10, no. 5, pp. 2466–2479, 2022.
A. Cohen, “Client-side zero-shot LLM inference for comprehensive in-browser URL analysis,” arXiv:2506.03656, 2025.
Y. Xue, E. Spero, Y. S. Koh, and G. Russello, “MultiPhishGuard: An LLM-based multi-agent system for phishing email detection,” arXiv:2505.23803, 2025.
Downloads
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC-By) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This work is licensed under a Creative Commons Attribution License CC BY
