From Imbalance Handling to Adaptive Fusion: A Robust URL Phishing Detection Pipeline


Ulutas G., Altuntas D., Aymaz Ş., Ustubioglu B., Tahaoglu G., Shullani D.

IEEE ACCESS, cilt.14, ss.74363-74379, 2026 (SCI-Expanded, Scopus)

  • Yayın Türü: Makale / Tam Makale
  • Cilt numarası: 14
  • Basım Tarihi: 2026
  • Doi Numarası: 10.1109/access.2026.3690069
  • Dergi Adı: IEEE ACCESS
  • Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Compendex, INSPEC, Directory of Open Access Journals
  • Sayfa Sayıları: ss.74363-74379
  • Karadeniz Teknik Üniversitesi Adresli: Evet

Özet

Phishing attacks are a class of cyberattacks in which adversaries deceive users to obtain sensitive credentials. Such attacks can spread quickly and dynamically through URL-based redirections, threatening network security and personal safety. In the proposed method, we build a stable modeling pipeline for URL-based phishing detection by leveraging the weighted fusion capabilities of an attention-based multi-feature fusion approach (AMFF) on boosting-based learning families. AMFF learns the relative importance of complementary features via an attention mechanism, balancing the fusion and reducing the impact of potential feature conflicts. In this study, the fusion approach is evaluated in the context of URL-based features and strong boosting classifiers (XGBoost and LightGBM); to mitigate the effects of class imbalance and data noise, a SMOTETomek-based balancing/cleaning strategy is applied. The approach is evaluated on different feature configurations of the UCI and Mendeley datasets using both 10-fold cross-validation and a 70/30 hold-out protocol. Experimental results show that the method achieves 97.94% accuracy and 99.76 AUC on UCI, 98.99% accuracy and 99.93 AUC on Mendeley-48, and 97.73% accuracy and 99.65 AUC on Mendeley-87. Additionally, the study provides a comparative analysis of different learning families and proposes a staged solution configuration for practical deployment (baseline model -> balancing/cleaning -> AMFF-based fusion). Overall, the findings indicate that the proposed AMFF-based configuration yields high discriminative power, low overfitting tendency, and strong generalization capability for URL-based phishing detection.