Phishing Website Detection: An In‐Depth Investigation of Feature Selection and Deep Learning

ABSTRACT Cloud and fog computing technologies benefit from integrating AI‐driven phishing detection as it enhances security, scalability, real‐time reaction, and privacy. Nowadays, there is a noticeable rise in illegal activity taking place online. One of the illicit cybersecurity practices is phishing, in which hackers trick consumers by pretending to be authentic websites and spoofing them to obtain sensitive user information. Phishing attacks, regrettably, have increased dramatically in recent years, according to research. Machine learning (ML) and deep learning (DL) techniques have shown encouraging progress in thwarting these attacks. Consequently, we employed DL and ML techniques to identify phishing websites in this study. This article presents four scenarios in both ML and DL models. Two are proposed in ML, while the others are employed in DL. The outcomes of four scenarios were contrasted to determine which algorithm performed better at distinguishing between legal and illicit websites. Many popular ML techniques were used, including K‐nearest neighbour, random forest (RF), decision trees, and SVMs. PCA and Importance Features are implemented in both ML scenarios to find the best features. RF successfully reached an accuracy of 97.82% using the Importance Feature technique. However, the PCA method failed to improve the performance of ML algorithms. As a result of ML‐based scenarios, 98 features are selected for the final deep learning scenarios. In DL‐based scenarios, algorithm architectures are essential to avoid overfitting and bias due to various hyperparameters. Thus, in the third scenario, our aim focuses on DL architecture design. Multilayer perceptron and convolutional neural networks (CNNs) are employed to detect phishing websites. Finally, our proposed 1D CNN model, using stratified k‐fold cross‐validation, outperformed the classical ML algorithm, achieving 98.94% accuracy and 0.99 AUC‐ROC score in detecting phishing websites.